Code Review / openocd.git / blob
? search:


9f05d777e0f49595c65433738b912670ac8e6e38
[openocd.git] / src / target / arm7_9_common.c
1 /***************************************************************************
2 * Copyright (C) 2005 by Dominic Rath *
3 * Dominic.Rath@gmx.de *
4 * *
5 * Copyright (C) 2007,2008 Øyvind Harboe *
6 * oyvind.harboe@zylin.com *
7 * *
8 * Copyright (C) 2008 by Spencer Oliver *
9 * spen@spen-soft.co.uk *
10 * *
11 * Copyright (C) 2008 by Hongtao Zheng *
12 * hontor@126.com *
13 * *
14 * This program is free software; you can redistribute it and/or modify *
15 * it under the terms of the GNU General Public License as published by *
16 * the Free Software Foundation; either version 2 of the License, or *
17 * (at your option) any later version. *
18 * *
19 * This program is distributed in the hope that it will be useful, *
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
22 * GNU General Public License for more details. *
23 * *
24 * You should have received a copy of the GNU General Public License *
25 * along with this program; if not, write to the *
26 * Free Software Foundation, Inc., *
27 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
28 ***************************************************************************/
29 #ifdef HAVE_CONFIG_H
30 #include "config.h"
31 #endif
32
33 #include "embeddedice.h"
34 #include "target_request.h"
35 #include "arm7_9_common.h"
36 #include "time_support.h"
37 #include "arm_simulator.h"
38
39
40 int arm7_9_debug_entry(target_t *target);
41 int arm7_9_enable_sw_bkpts(struct target_s *target);
42
43 /* command handler forward declarations */
44 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
45 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
46 int handle_arm7_9_read_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
47 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
48 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
49 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
50 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
51 int handle_arm7_9_etm_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc);
52
53 /**
54 * Clear watchpoints for an ARM7/9 target.
55 *
56 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
57 * @return JTAG error status after executing queue
58 */
59 static int arm7_9_clear_watchpoints(arm7_9_common_t *arm7_9)
60 {
61 LOG_DEBUG("-");
62 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
63 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
64 arm7_9->sw_breakpoint_count = 0;
65 arm7_9->sw_breakpoints_added = 0;
66 arm7_9->wp0_used = 0;
67 arm7_9->wp1_used = arm7_9->wp1_used_default;
68 arm7_9->wp_available = arm7_9->wp_available_max;
69
70 return jtag_execute_queue();
71 }
72
73 /**
74 * Assign a watchpoint to one of the two available hardware comparators in an
75 * ARM7 or ARM9 target.
76 *
77 * @param arm7_9 Pointer to the common struct for an ARM7/9 target
78 * @param breakpoint Pointer to the breakpoint to be used as a watchpoint
79 */
80 static void arm7_9_assign_wp(arm7_9_common_t *arm7_9, breakpoint_t *breakpoint)
81 {
82 if (!arm7_9->wp0_used)
83 {
84 arm7_9->wp0_used = 1;
85 breakpoint->set = 1;
86 arm7_9->wp_available--;
87 }
88 else if (!arm7_9->wp1_used)
89 {
90 arm7_9->wp1_used = 1;
91 breakpoint->set = 2;
92 arm7_9->wp_available--;
93 }
94 else
95 {
96 LOG_ERROR("BUG: no hardware comparator available");
97 }
98 LOG_DEBUG("BPID: %d (0x%08" PRIx32 ") using hw wp: %d",
99 breakpoint->unique_id,
100 breakpoint->address,
101 breakpoint->set );
102 }
103
104 /**
105 * Setup an ARM7/9 target's embedded ICE registers for software breakpoints.
106 *
107 * @param arm7_9 Pointer to common struct for ARM7/9 targets
108 * @return Error codes if there is a problem finding a watchpoint or the result
109 * of executing the JTAG queue
110 */
111 static int arm7_9_set_software_breakpoints(arm7_9_common_t *arm7_9)
112 {
113 if (arm7_9->sw_breakpoints_added)
114 {
115 return ERROR_OK;
116 }
117 if (arm7_9->wp_available < 1)
118 {
119 LOG_WARNING("can't enable sw breakpoints with no watchpoint unit available");
120 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
121 }
122 arm7_9->wp_available--;
123
124 /* pick a breakpoint unit */
125 if (!arm7_9->wp0_used)
126 {
127 arm7_9->sw_breakpoints_added = 1;
128 arm7_9->wp0_used = 3;
129 } else if (!arm7_9->wp1_used)
130 {
131 arm7_9->sw_breakpoints_added = 2;
132 arm7_9->wp1_used = 3;
133 }
134 else
135 {
136 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
137 return ERROR_FAIL;
138 }
139
140 if (arm7_9->sw_breakpoints_added == 1)
141 {
142 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], arm7_9->arm_bkpt);
143 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0x0);
144 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffffu);
145 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
146 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
147 }
148 else if (arm7_9->sw_breakpoints_added == 2)
149 {
150 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], arm7_9->arm_bkpt);
151 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0x0);
152 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0xffffffffu);
153 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
154 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
155 }
156 else
157 {
158 LOG_ERROR("BUG: both watchpoints used, but wp_available >= 1");
159 return ERROR_FAIL;
160 }
161 LOG_DEBUG("SW BP using hw wp: %d",
162 arm7_9->sw_breakpoints_added );
163
164 return jtag_execute_queue();
165 }
166
167 /**
168 * Setup the common pieces for an ARM7/9 target after reset or on startup.
169 *
170 * @param target Pointer to an ARM7/9 target to setup
171 * @return Result of clearing the watchpoints on the target
172 */
173 int arm7_9_setup(target_t *target)
174 {
175 armv4_5_common_t *armv4_5 = target->arch_info;
176 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
177
178 return arm7_9_clear_watchpoints(arm7_9);
179 }
180
181 /**
182 * Retrieves the architecture information pointers for ARMv4/5 and ARM7/9
183 * targets. A return of ERROR_OK signifies that the target is a valid target
184 * and that the pointers have been set properly.
185 *
186 * @param target Pointer to the target device to get the pointers from
187 * @param armv4_5_p Pointer to be filled in with the common struct for ARMV4/5
188 * targets
189 * @param arm7_9_p Pointer to be filled in with the common struct for ARM7/9
190 * targets
191 * @return ERROR_OK if successful
192 */
193 int arm7_9_get_arch_pointers(target_t *target, armv4_5_common_t **armv4_5_p, arm7_9_common_t **arm7_9_p)
194 {
195 armv4_5_common_t *armv4_5 = target->arch_info;
196 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
197
198 if (armv4_5->common_magic != ARMV4_5_COMMON_MAGIC)
199 {
200 return -1;
201 }
202
203 if (arm7_9->common_magic != ARM7_9_COMMON_MAGIC)
204 {
205 return -1;
206 }
207
208 *armv4_5_p = armv4_5;
209 *arm7_9_p = arm7_9;
210
211 return ERROR_OK;
212 }
213
214 /**
215 * Set either a hardware or software breakpoint on an ARM7/9 target. The
216 * breakpoint is set up even if it is already set. Some actions, e.g. reset,
217 * might have erased the values in Embedded ICE.
218 *
219 * @param target Pointer to the target device to set the breakpoints on
220 * @param breakpoint Pointer to the breakpoint to be set
221 * @return For hardware breakpoints, this is the result of executing the JTAG
222 * queue. For software breakpoints, this will be the status of the
223 * required memory reads and writes
224 */
225 int arm7_9_set_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
226 {
227 armv4_5_common_t *armv4_5 = target->arch_info;
228 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
229 int retval = ERROR_OK;
230
231 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32 ", Type: %d" ,
232 breakpoint->unique_id,
233 breakpoint->address,
234 breakpoint->type);
235
236 if (target->state != TARGET_HALTED)
237 {
238 LOG_WARNING("target not halted");
239 return ERROR_TARGET_NOT_HALTED;
240 }
241
242 if (breakpoint->type == BKPT_HARD)
243 {
244 /* either an ARM (4 byte) or Thumb (2 byte) breakpoint */
245 uint32_t mask = (breakpoint->length == 4) ? 0x3u : 0x1u;
246
247 /* reassign a hw breakpoint */
248 if (breakpoint->set == 0)
249 {
250 arm7_9_assign_wp(arm7_9, breakpoint);
251 }
252
253 if (breakpoint->set == 1)
254 {
255 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], breakpoint->address);
256 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
257 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffffu);
258 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
259 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
260 }
261 else if (breakpoint->set == 2)
262 {
263 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], breakpoint->address);
264 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
265 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffffu);
266 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
267 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
268 }
269 else
270 {
271 LOG_ERROR("BUG: no hardware comparator available");
272 return ERROR_OK;
273 }
274
275 retval = jtag_execute_queue();
276 }
277 else if (breakpoint->type == BKPT_SOFT)
278 {
279 /* did we already set this breakpoint? */
280 if (breakpoint->set)
281 return ERROR_OK;
282
283 if (breakpoint->length == 4)
284 {
285 uint32_t verify = 0xffffffff;
286 /* keep the original instruction in target endianness */
287 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
288 {
289 return retval;
290 }
291 /* write the breakpoint instruction in target endianness (arm7_9->arm_bkpt is host endian) */
292 if ((retval = target_write_u32(target, breakpoint->address, arm7_9->arm_bkpt)) != ERROR_OK)
293 {
294 return retval;
295 }
296
297 if ((retval = target_read_u32(target, breakpoint->address, &verify)) != ERROR_OK)
298 {
299 return retval;
300 }
301 if (verify != arm7_9->arm_bkpt)
302 {
303 LOG_ERROR("Unable to set 32 bit software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
304 return ERROR_OK;
305 }
306 }
307 else
308 {
309 uint16_t verify = 0xffff;
310 /* keep the original instruction in target endianness */
311 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
312 {
313 return retval;
314 }
315 /* write the breakpoint instruction in target endianness (arm7_9->thumb_bkpt is host endian) */
316 if ((retval = target_write_u16(target, breakpoint->address, arm7_9->thumb_bkpt)) != ERROR_OK)
317 {
318 return retval;
319 }
320
321 if ((retval = target_read_u16(target, breakpoint->address, &verify)) != ERROR_OK)
322 {
323 return retval;
324 }
325 if (verify != arm7_9->thumb_bkpt)
326 {
327 LOG_ERROR("Unable to set thumb software breakpoint at address %08" PRIx32 " - check that memory is read/writable", breakpoint->address);
328 return ERROR_OK;
329 }
330 }
331
332 if ((retval = arm7_9_set_software_breakpoints(arm7_9)) != ERROR_OK)
333 return retval;
334
335 arm7_9->sw_breakpoint_count++;
336
337 breakpoint->set = 1;
338 }
339
340 return retval;
341 }
342
343 /**
344 * Unsets an existing breakpoint on an ARM7/9 target. If it is a hardware
345 * breakpoint, the watchpoint used will be freed and the Embedded ICE registers
346 * will be updated. Otherwise, the software breakpoint will be restored to its
347 * original instruction if it hasn't already been modified.
348 *
349 * @param target Pointer to ARM7/9 target to unset the breakpoint from
350 * @param breakpoint Pointer to breakpoint to be unset
351 * @return For hardware breakpoints, this is the result of executing the JTAG
352 * queue. For software breakpoints, this will be the status of the
353 * required memory reads and writes
354 */
355 int arm7_9_unset_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
356 {
357 int retval = ERROR_OK;
358
359 armv4_5_common_t *armv4_5 = target->arch_info;
360 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
361
362 LOG_DEBUG("BPID: %d, Address: 0x%08" PRIx32,
363 breakpoint->unique_id,
364 breakpoint->address );
365
366 if (!breakpoint->set)
367 {
368 LOG_WARNING("breakpoint not set");
369 return ERROR_OK;
370 }
371
372 if (breakpoint->type == BKPT_HARD)
373 {
374 LOG_DEBUG("BPID: %d Releasing hw wp: %d",
375 breakpoint->unique_id,
376 breakpoint->set );
377 if (breakpoint->set == 1)
378 {
379 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
380 arm7_9->wp0_used = 0;
381 arm7_9->wp_available++;
382 }
383 else if (breakpoint->set == 2)
384 {
385 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
386 arm7_9->wp1_used = 0;
387 arm7_9->wp_available++;
388 }
389 retval = jtag_execute_queue();
390 breakpoint->set = 0;
391 }
392 else
393 {
394 /* restore original instruction (kept in target endianness) */
395 if (breakpoint->length == 4)
396 {
397 uint32_t current_instr;
398 /* check that user program as not modified breakpoint instruction */
399 if ((retval = target_read_memory(target, breakpoint->address, 4, 1, (uint8_t*)&current_instr)) != ERROR_OK)
400 {
401 return retval;
402 }
403 if (current_instr == arm7_9->arm_bkpt)
404 if ((retval = target_write_memory(target, breakpoint->address, 4, 1, breakpoint->orig_instr)) != ERROR_OK)
405 {
406 return retval;
407 }
408 }
409 else
410 {
411 uint16_t current_instr;
412 /* check that user program as not modified breakpoint instruction */
413 if ((retval = target_read_memory(target, breakpoint->address, 2, 1, (uint8_t*)&current_instr)) != ERROR_OK)
414 {
415 return retval;
416 }
417 if (current_instr == arm7_9->thumb_bkpt)
418 if ((retval = target_write_memory(target, breakpoint->address, 2, 1, breakpoint->orig_instr)) != ERROR_OK)
419 {
420 return retval;
421 }
422 }
423
424 if (--arm7_9->sw_breakpoint_count==0)
425 {
426 /* We have removed the last sw breakpoint, clear the hw breakpoint we used to implement it */
427 if (arm7_9->sw_breakpoints_added == 1)
428 {
429 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0);
430 }
431 else if (arm7_9->sw_breakpoints_added == 2)
432 {
433 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0);
434 }
435 }
436
437 breakpoint->set = 0;
438 }
439
440 return retval;
441 }
442
443 /**
444 * Add a breakpoint to an ARM7/9 target. This makes sure that there are no
445 * dangling breakpoints and that the desired breakpoint can be added.
446 *
447 * @param target Pointer to the target ARM7/9 device to add a breakpoint to
448 * @param breakpoint Pointer to the breakpoint to be added
449 * @return An error status if there is a problem adding the breakpoint or the
450 * result of setting the breakpoint
451 */
452 int arm7_9_add_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
453 {
454 armv4_5_common_t *armv4_5 = target->arch_info;
455 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
456
457 if (target->state != TARGET_HALTED)
458 {
459 LOG_WARNING("target not halted");
460 return ERROR_TARGET_NOT_HALTED;
461 }
462
463 if (arm7_9->breakpoint_count == 0)
464 {
465 /* make sure we don't have any dangling breakpoints. This is vital upon
466 * GDB connect/disconnect
467 */
468 arm7_9_clear_watchpoints(arm7_9);
469 }
470
471 if ((breakpoint->type == BKPT_HARD) && (arm7_9->wp_available < 1))
472 {
473 LOG_INFO("no watchpoint unit available for hardware breakpoint");
474 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
475 }
476
477 if ((breakpoint->length != 2) && (breakpoint->length != 4))
478 {
479 LOG_INFO("only breakpoints of two (Thumb) or four (ARM) bytes length supported");
480 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
481 }
482
483 if (breakpoint->type == BKPT_HARD)
484 {
485 arm7_9_assign_wp(arm7_9, breakpoint);
486 }
487
488 arm7_9->breakpoint_count++;
489
490 return arm7_9_set_breakpoint(target, breakpoint);
491 }
492
493 /**
494 * Removes a breakpoint from an ARM7/9 target. This will make sure there are no
495 * dangling breakpoints and updates available watchpoints if it is a hardware
496 * breakpoint.
497 *
498 * @param target Pointer to the target to have a breakpoint removed
499 * @param breakpoint Pointer to the breakpoint to be removed
500 * @return Error status if there was a problem unsetting the breakpoint or the
501 * watchpoints could not be cleared
502 */
503 int arm7_9_remove_breakpoint(struct target_s *target, breakpoint_t *breakpoint)
504 {
505 int retval = ERROR_OK;
506 armv4_5_common_t *armv4_5 = target->arch_info;
507 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
508
509 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
510 {
511 return retval;
512 }
513
514 if (breakpoint->type == BKPT_HARD)
515 arm7_9->wp_available++;
516
517 arm7_9->breakpoint_count--;
518 if (arm7_9->breakpoint_count == 0)
519 {
520 /* make sure we don't have any dangling breakpoints */
521 if ((retval = arm7_9_clear_watchpoints(arm7_9)) != ERROR_OK)
522 {
523 return retval;
524 }
525 }
526
527 return ERROR_OK;
528 }
529
530 /**
531 * Sets a watchpoint for an ARM7/9 target in one of the watchpoint units. It is
532 * considered a bug to call this function when there are no available watchpoint
533 * units.
534 *
535 * @param target Pointer to an ARM7/9 target to set a watchpoint on
536 * @param watchpoint Pointer to the watchpoint to be set
537 * @return Error status if watchpoint set fails or the result of executing the
538 * JTAG queue
539 */
540 int arm7_9_set_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
541 {
542 int retval = ERROR_OK;
543 armv4_5_common_t *armv4_5 = target->arch_info;
544 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
545 int rw_mask = 1;
546 uint32_t mask;
547
548 mask = watchpoint->length - 1;
549
550 if (target->state != TARGET_HALTED)
551 {
552 LOG_WARNING("target not halted");
553 return ERROR_TARGET_NOT_HALTED;
554 }
555
556 if (watchpoint->rw == WPT_ACCESS)
557 rw_mask = 0;
558 else
559 rw_mask = 1;
560
561 if (!arm7_9->wp0_used)
562 {
563 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], watchpoint->address);
564 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], mask);
565 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], watchpoint->mask);
566 if (watchpoint->mask != 0xffffffffu)
567 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_VALUE], watchpoint->value);
568 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
569 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
570
571 if ((retval = jtag_execute_queue()) != ERROR_OK)
572 {
573 return retval;
574 }
575 watchpoint->set = 1;
576 arm7_9->wp0_used = 2;
577 }
578 else if (!arm7_9->wp1_used)
579 {
580 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], watchpoint->address);
581 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], mask);
582 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], watchpoint->mask);
583 if (watchpoint->mask != 0xffffffffu)
584 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_VALUE], watchpoint->value);
585 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], 0xff & ~EICE_W_CTRL_nOPC & ~rw_mask);
586 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE | EICE_W_CTRL_nOPC | (watchpoint->rw & 1));
587
588 if ((retval = jtag_execute_queue()) != ERROR_OK)
589 {
590 return retval;
591 }
592 watchpoint->set = 2;
593 arm7_9->wp1_used = 2;
594 }
595 else
596 {
597 LOG_ERROR("BUG: no hardware comparator available");
598 return ERROR_OK;
599 }
600
601 return ERROR_OK;
602 }
603
604 /**
605 * Unset an existing watchpoint and clear the used watchpoint unit.
606 *
607 * @param target Pointer to the target to have the watchpoint removed
608 * @param watchpoint Pointer to the watchpoint to be removed
609 * @return Error status while trying to unset the watchpoint or the result of
610 * executing the JTAG queue
611 */
612 int arm7_9_unset_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
613 {
614 int retval = ERROR_OK;
615 armv4_5_common_t *armv4_5 = target->arch_info;
616 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
617
618 if (target->state != TARGET_HALTED)
619 {
620 LOG_WARNING("target not halted");
621 return ERROR_TARGET_NOT_HALTED;
622 }
623
624 if (!watchpoint->set)
625 {
626 LOG_WARNING("breakpoint not set");
627 return ERROR_OK;
628 }
629
630 if (watchpoint->set == 1)
631 {
632 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
633 if ((retval = jtag_execute_queue()) != ERROR_OK)
634 {
635 return retval;
636 }
637 arm7_9->wp0_used = 0;
638 }
639 else if (watchpoint->set == 2)
640 {
641 embeddedice_set_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
642 if ((retval = jtag_execute_queue()) != ERROR_OK)
643 {
644 return retval;
645 }
646 arm7_9->wp1_used = 0;
647 }
648 watchpoint->set = 0;
649
650 return ERROR_OK;
651 }
652
653 /**
654 * Add a watchpoint to an ARM7/9 target. If there are no watchpoint units
655 * available, an error response is returned.
656 *
657 * @param target Pointer to the ARM7/9 target to add a watchpoint to
658 * @param watchpoint Pointer to the watchpoint to be added
659 * @return Error status while trying to add the watchpoint
660 */
661 int arm7_9_add_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
662 {
663 armv4_5_common_t *armv4_5 = target->arch_info;
664 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
665
666 if (target->state != TARGET_HALTED)
667 {
668 LOG_WARNING("target not halted");
669 return ERROR_TARGET_NOT_HALTED;
670 }
671
672 if (arm7_9->wp_available < 1)
673 {
674 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
675 }
676
677 if ((watchpoint->length != 1) && (watchpoint->length != 2) && (watchpoint->length != 4))
678 {
679 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
680 }
681
682 arm7_9->wp_available--;
683
684 return ERROR_OK;
685 }
686
687 /**
688 * Remove a watchpoint from an ARM7/9 target. The watchpoint will be unset and
689 * the used watchpoint unit will be reopened.
690 *
691 * @param target Pointer to the target to remove a watchpoint from
692 * @param watchpoint Pointer to the watchpoint to be removed
693 * @return Result of trying to unset the watchpoint
694 */
695 int arm7_9_remove_watchpoint(struct target_s *target, watchpoint_t *watchpoint)
696 {
697 int retval = ERROR_OK;
698 armv4_5_common_t *armv4_5 = target->arch_info;
699 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
700
701 if (watchpoint->set)
702 {
703 if ((retval = arm7_9_unset_watchpoint(target, watchpoint)) != ERROR_OK)
704 {
705 return retval;
706 }
707 }
708
709 arm7_9->wp_available++;
710
711 return ERROR_OK;
712 }
713
714 /**
715 * Restarts the target by sending a RESTART instruction and moving the JTAG
716 * state to IDLE. This includes a timeout waiting for DBGACK and SYSCOMP to be
717 * asserted by the processor.
718 *
719 * @param target Pointer to target to issue commands to
720 * @return Error status if there is a timeout or a problem while executing the
721 * JTAG queue
722 */
723 int arm7_9_execute_sys_speed(struct target_s *target)
724 {
725 int retval;
726
727 armv4_5_common_t *armv4_5 = target->arch_info;
728 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
729 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
730 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
731
732 /* set RESTART instruction */
733 jtag_set_end_state(TAP_IDLE);
734 if (arm7_9->need_bypass_before_restart) {
735 arm7_9->need_bypass_before_restart = 0;
736 arm_jtag_set_instr(jtag_info, 0xf, NULL);
737 }
738 arm_jtag_set_instr(jtag_info, 0x4, NULL);
739
740 long long then = timeval_ms();
741 int timeout;
742 while (!(timeout = ((timeval_ms()-then) > 1000)))
743 {
744 /* read debug status register */
745 embeddedice_read_reg(dbg_stat);
746 if ((retval = jtag_execute_queue()) != ERROR_OK)
747 return retval;
748 if ((buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
749 && (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_SYSCOMP, 1)))
750 break;
751 if (debug_level >= 3)
752 {
753 alive_sleep(100);
754 } else
755 {
756 keep_alive();
757 }
758 }
759 if (timeout)
760 {
761 LOG_ERROR("timeout waiting for SYSCOMP & DBGACK, last DBG_STATUS: %" PRIx32 "", buf_get_u32(dbg_stat->value, 0, dbg_stat->size));
762 return ERROR_TARGET_TIMEOUT;
763 }
764
765 return ERROR_OK;
766 }
767
768 /**
769 * Restarts the target by sending a RESTART instruction and moving the JTAG
770 * state to IDLE. This validates that DBGACK and SYSCOMP are set without
771 * waiting until they are.
772 *
773 * @param target Pointer to the target to issue commands to
774 * @return Always ERROR_OK
775 */
776 int arm7_9_execute_fast_sys_speed(struct target_s *target)
777 {
778 static int set = 0;
779 static uint8_t check_value[4], check_mask[4];
780
781 armv4_5_common_t *armv4_5 = target->arch_info;
782 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
783 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
784 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
785
786 /* set RESTART instruction */
787 jtag_set_end_state(TAP_IDLE);
788 if (arm7_9->need_bypass_before_restart) {
789 arm7_9->need_bypass_before_restart = 0;
790 arm_jtag_set_instr(jtag_info, 0xf, NULL);
791 }
792 arm_jtag_set_instr(jtag_info, 0x4, NULL);
793
794 if (!set)
795 {
796 /* check for DBGACK and SYSCOMP set (others don't care) */
797
798 /* NB! These are constants that must be available until after next jtag_execute() and
799 * we evaluate the values upon first execution in lieu of setting up these constants
800 * during early setup.
801 * */
802 buf_set_u32(check_value, 0, 32, 0x9);
803 buf_set_u32(check_mask, 0, 32, 0x9);
804 set = 1;
805 }
806
807 /* read debug status register */
808 embeddedice_read_reg_w_check(dbg_stat, check_value, check_mask);
809
810 return ERROR_OK;
811 }
812
813 /**
814 * Get some data from the ARM7/9 target.
815 *
816 * @param target Pointer to the ARM7/9 target to read data from
817 * @param size The number of 32bit words to be read
818 * @param buffer Pointer to the buffer that will hold the data
819 * @return The result of receiving data from the Embedded ICE unit
820 */
821 int arm7_9_target_request_data(target_t *target, uint32_t size, uint8_t *buffer)
822 {
823 armv4_5_common_t *armv4_5 = target->arch_info;
824 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
825 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
826 uint32_t *data;
827 int retval = ERROR_OK;
828 uint32_t i;
829
830 data = malloc(size * (sizeof(uint32_t)));
831
832 retval = embeddedice_receive(jtag_info, data, size);
833
834 /* return the 32-bit ints in the 8-bit array */
835 for (i = 0; i < size; i++)
836 {
837 h_u32_to_le(buffer + (i * 4), data[i]);
838 }
839
840 free(data);
841
842 return retval;
843 }
844
845 /**
846 * Handles requests to an ARM7/9 target. If debug messaging is enabled, the
847 * target is running and the DCC control register has the W bit high, this will
848 * execute the request on the target.
849 *
850 * @param priv Void pointer expected to be a target_t pointer
851 * @return ERROR_OK unless there are issues with the JTAG queue or when reading
852 * from the Embedded ICE unit
853 */
854 int arm7_9_handle_target_request(void *priv)
855 {
856 int retval = ERROR_OK;
857 target_t *target = priv;
858 if (!target_was_examined(target))
859 return ERROR_OK;
860 armv4_5_common_t *armv4_5 = target->arch_info;
861 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
862 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
863 reg_t *dcc_control = &arm7_9->eice_cache->reg_list[EICE_COMMS_CTRL];
864
865 if (!target->dbg_msg_enabled)
866 return ERROR_OK;
867
868 if (target->state == TARGET_RUNNING)
869 {
870 /* read DCC control register */
871 embeddedice_read_reg(dcc_control);
872 if ((retval = jtag_execute_queue()) != ERROR_OK)
873 {
874 return retval;
875 }
876
877 /* check W bit */
878 if (buf_get_u32(dcc_control->value, 1, 1) == 1)
879 {
880 uint32_t request;
881
882 if ((retval = embeddedice_receive(jtag_info, &request, 1)) != ERROR_OK)
883 {
884 return retval;
885 }
886 if ((retval = target_request(target, request)) != ERROR_OK)
887 {
888 return retval;
889 }
890 }
891 }
892
893 return ERROR_OK;
894 }
895
896 /**
897 * Polls an ARM7/9 target for its current status. If DBGACK is set, the target
898 * is manipulated to the right halted state based on its current state. This is
899 * what happens:
900 *
901 * <table>
902 * <tr><th > State</th><th > Action</th></tr>
903 * <tr><td > TARGET_RUNNING | TARGET_RESET</td><td > Enters debug mode. If TARGET_RESET, pc may be checked</td></tr>
904 * <tr><td > TARGET_UNKNOWN</td><td > Warning is logged</td></tr>
905 * <tr><td > TARGET_DEBUG_RUNNING</td><td > Enters debug mode</td></tr>
906 * <tr><td > TARGET_HALTED</td><td > Nothing</td></tr>
907 * </table>
908 *
909 * If the target does not end up in the halted state, a warning is produced. If
910 * DBGACK is cleared, then the target is expected to either be running or
911 * running in debug.
912 *
913 * @param target Pointer to the ARM7/9 target to poll
914 * @return ERROR_OK or an error status if a command fails
915 */
916 int arm7_9_poll(target_t *target)
917 {
918 int retval;
919 armv4_5_common_t *armv4_5 = target->arch_info;
920 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
921 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
922
923 /* read debug status register */
924 embeddedice_read_reg(dbg_stat);
925 if ((retval = jtag_execute_queue()) != ERROR_OK)
926 {
927 return retval;
928 }
929
930 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1))
931 {
932 /* LOG_DEBUG("DBGACK set, dbg_state->value: 0x%x", buf_get_u32(dbg_stat->value, 0, 32));*/
933 if (target->state == TARGET_UNKNOWN)
934 {
935 /* Starting OpenOCD with target in debug-halt */
936 target->state = TARGET_RUNNING;
937 LOG_DEBUG("DBGACK already set during server startup.");
938 }
939 if ((target->state == TARGET_RUNNING) || (target->state == TARGET_RESET))
940 {
941 int check_pc = 0;
942 if (target->state == TARGET_RESET)
943 {
944 if (target->reset_halt)
945 {
946 enum reset_types jtag_reset_config = jtag_get_reset_config();
947 if ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0)
948 {
949 check_pc = 1;
950 }
951 }
952 }
953
954 target->state = TARGET_HALTED;
955
956 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
957 return retval;
958
959 if (check_pc)
960 {
961 reg_t *reg = register_get_by_name(target->reg_cache, "pc", 1);
962 uint32_t t=*((uint32_t *)reg->value);
963 if (t != 0)
964 {
965 LOG_ERROR("PC was not 0. Does this target need srst_pulls_trst?");
966 }
967 }
968
969 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
970 {
971 return retval;
972 }
973 }
974 if (target->state == TARGET_DEBUG_RUNNING)
975 {
976 target->state = TARGET_HALTED;
977 if ((retval = arm7_9_debug_entry(target)) != ERROR_OK)
978 return retval;
979
980 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_HALTED)) != ERROR_OK)
981 {
982 return retval;
983 }
984 }
985 if (target->state != TARGET_HALTED)
986 {
987 LOG_WARNING("DBGACK set, but the target did not end up in the halted state %d", target->state);
988 }
989 }
990 else
991 {
992 if (target->state != TARGET_DEBUG_RUNNING)
993 target->state = TARGET_RUNNING;
994 }
995
996 return ERROR_OK;
997 }
998
999 /**
1000 * Asserts the reset (SRST) on an ARM7/9 target. Some -S targets (ARM966E-S in
1001 * the STR912 isn't affected, ARM926EJ-S in the LPC3180 and AT91SAM9260 is
1002 * affected) completely stop the JTAG clock while the core is held in reset
1003 * (SRST). It isn't possible to program the halt condition once reset is
1004 * asserted, hence a hook that allows the target to set up its reset-halt
1005 * condition is setup prior to asserting reset.
1006 *
1007 * @param target Pointer to an ARM7/9 target to assert reset on
1008 * @return ERROR_FAIL if the JTAG device does not have SRST, otherwise ERROR_OK
1009 */
1010 int arm7_9_assert_reset(target_t *target)
1011 {
1012 armv4_5_common_t *armv4_5 = target->arch_info;
1013 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1014 LOG_DEBUG("target->state: %s",
1015 target_state_name(target));
1016
1017 enum reset_types jtag_reset_config = jtag_get_reset_config();
1018 if (!(jtag_reset_config & RESET_HAS_SRST))
1019 {
1020 LOG_ERROR("Can't assert SRST");
1021 return ERROR_FAIL;
1022 }
1023
1024 if (target->reset_halt)
1025 {
1026 /*
1027 * Some targets do not support communication while SRST is asserted. We need to
1028 * set up the reset vector catch here.
1029 *
1030 * If TRST is asserted, then these settings will be reset anyway, so setting them
1031 * here is harmless.
1032 */
1033 if (arm7_9->has_vector_catch)
1034 {
1035 /* program vector catch register to catch reset vector */
1036 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH], 0x1);
1037
1038 /* extra runtest added as issues were found with certain ARM9 cores (maybe more) - AT91SAM9260 and STR9 */
1039 jtag_add_runtest(1, jtag_get_end_state());
1040 }
1041 else
1042 {
1043 /* program watchpoint unit to match on reset vector address */
1044 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE], 0x0);
1045 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0x3);
1046 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1047 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1048 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1049 }
1050 }
1051
1052 /* here we should issue an SRST only, but we may have to assert TRST as well */
1053 if (jtag_reset_config & RESET_SRST_PULLS_TRST)
1054 {
1055 jtag_add_reset(1, 1);
1056 } else
1057 {
1058 jtag_add_reset(0, 1);
1059 }
1060
1061 target->state = TARGET_RESET;
1062 jtag_add_sleep(50000);
1063
1064 armv4_5_invalidate_core_regs(target);
1065
1066 if ((target->reset_halt) && ((jtag_reset_config & RESET_SRST_PULLS_TRST) == 0))
1067 {
1068 /* debug entry was already prepared in arm7_9_assert_reset() */
1069 target->debug_reason = DBG_REASON_DBGRQ;
1070 }
1071
1072 return ERROR_OK;
1073 }
1074
1075 /**
1076 * Deassert the reset (SRST) signal on an ARM7/9 target. If SRST pulls TRST
1077 * and the target is being reset into a halt, a warning will be triggered
1078 * because it is not possible to reset into a halted mode in this case. The
1079 * target is halted using the target's functions.
1080 *
1081 * @param target Pointer to the target to have the reset deasserted
1082 * @return ERROR_OK or an error from polling or halting the target
1083 */
1084 int arm7_9_deassert_reset(target_t *target)
1085 {
1086 int retval = ERROR_OK;
1087 LOG_DEBUG("target->state: %s",
1088 target_state_name(target));
1089
1090 /* deassert reset lines */
1091 jtag_add_reset(0, 0);
1092
1093 enum reset_types jtag_reset_config = jtag_get_reset_config();
1094 if (target->reset_halt && (jtag_reset_config & RESET_SRST_PULLS_TRST) != 0)
1095 {
1096 LOG_WARNING("srst pulls trst - can not reset into halted mode. Issuing halt after reset.");
1097 /* set up embedded ice registers again */
1098 if ((retval = target_examine_one(target)) != ERROR_OK)
1099 return retval;
1100
1101 if ((retval = target_poll(target)) != ERROR_OK)
1102 {
1103 return retval;
1104 }
1105
1106 if ((retval = target_halt(target)) != ERROR_OK)
1107 {
1108 return retval;
1109 }
1110
1111 }
1112 return retval;
1113 }
1114
1115 /**
1116 * Clears the halt condition for an ARM7/9 target. If it isn't coming out of
1117 * reset and if DBGRQ is used, it is progammed to be deasserted. If the reset
1118 * vector catch was used, it is restored. Otherwise, the control value is
1119 * restored and the watchpoint unit is restored if it was in use.
1120 *
1121 * @param target Pointer to the ARM7/9 target to have halt cleared
1122 * @return Always ERROR_OK
1123 */
1124 int arm7_9_clear_halt(target_t *target)
1125 {
1126 armv4_5_common_t *armv4_5 = target->arch_info;
1127 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1128 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1129
1130 /* we used DBGRQ only if we didn't come out of reset */
1131 if (!arm7_9->debug_entry_from_reset && arm7_9->use_dbgrq)
1132 {
1133 /* program EmbeddedICE Debug Control Register to deassert DBGRQ
1134 */
1135 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1136 embeddedice_store_reg(dbg_ctrl);
1137 }
1138 else
1139 {
1140 if (arm7_9->debug_entry_from_reset && arm7_9->has_vector_catch)
1141 {
1142 /* if we came out of reset, and vector catch is supported, we used
1143 * vector catch to enter debug state
1144 * restore the register in that case
1145 */
1146 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_VEC_CATCH]);
1147 }
1148 else
1149 {
1150 /* restore registers if watchpoint unit 0 was in use
1151 */
1152 if (arm7_9->wp0_used)
1153 {
1154 if (arm7_9->debug_entry_from_reset)
1155 {
1156 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_VALUE]);
1157 }
1158 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
1159 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
1160 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
1161 }
1162 /* control value always has to be restored, as it was either disabled,
1163 * or enabled with possibly different bits
1164 */
1165 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
1166 }
1167 }
1168
1169 return ERROR_OK;
1170 }
1171
1172 /**
1173 * Issue a software reset and halt to an ARM7/9 target. The target is halted
1174 * and then there is a wait until the processor shows the halt. This wait can
1175 * timeout and results in an error being returned. The software reset involves
1176 * clearing the halt, updating the debug control register, changing to ARM mode,
1177 * reset of the program counter, and reset of all of the registers.
1178 *
1179 * @param target Pointer to the ARM7/9 target to be reset and halted by software
1180 * @return Error status if any of the commands fail, otherwise ERROR_OK
1181 */
1182 int arm7_9_soft_reset_halt(struct target_s *target)
1183 {
1184 armv4_5_common_t *armv4_5 = target->arch_info;
1185 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1186 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1187 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1188 int i;
1189 int retval;
1190
1191 /* FIX!!! replace some of this code with tcl commands
1192 *
1193 * halt # the halt command is synchronous
1194 * armv4_5 core_state arm
1195 *
1196 */
1197
1198 if ((retval = target_halt(target)) != ERROR_OK)
1199 return retval;
1200
1201 long long then = timeval_ms();
1202 int timeout;
1203 while (!(timeout = ((timeval_ms()-then) > 1000)))
1204 {
1205 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_DBGACK, 1) != 0)
1206 break;
1207 embeddedice_read_reg(dbg_stat);
1208 if ((retval = jtag_execute_queue()) != ERROR_OK)
1209 return retval;
1210 if (debug_level >= 3)
1211 {
1212 alive_sleep(100);
1213 } else
1214 {
1215 keep_alive();
1216 }
1217 }
1218 if (timeout)
1219 {
1220 LOG_ERROR("Failed to halt CPU after 1 sec");
1221 return ERROR_TARGET_TIMEOUT;
1222 }
1223 target->state = TARGET_HALTED;
1224
1225 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1226 * ensure that DBGRQ is cleared
1227 */
1228 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1229 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1230 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1231 embeddedice_store_reg(dbg_ctrl);
1232
1233 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1234 {
1235 return retval;
1236 }
1237
1238 /* if the target is in Thumb state, change to ARM state */
1239 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1240 {
1241 uint32_t r0_thumb, pc_thumb;
1242 LOG_DEBUG("target entered debug from Thumb state, changing to ARM");
1243 /* Entered debug from Thumb mode */
1244 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1245 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1246 }
1247
1248 /* all register content is now invalid */
1249 if ((retval = armv4_5_invalidate_core_regs(target)) != ERROR_OK)
1250 {
1251 return retval;
1252 }
1253
1254 /* SVC, ARM state, IRQ and FIQ disabled */
1255 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8, 0xd3);
1256 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 1;
1257 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1258
1259 /* start fetching from 0x0 */
1260 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, 0x0);
1261 armv4_5->core_cache->reg_list[15].dirty = 1;
1262 armv4_5->core_cache->reg_list[15].valid = 1;
1263
1264 armv4_5->core_mode = ARMV4_5_MODE_SVC;
1265 armv4_5->core_state = ARMV4_5_STATE_ARM;
1266
1267 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1268 return ERROR_FAIL;
1269
1270 /* reset registers */
1271 for (i = 0; i <= 14; i++)
1272 {
1273 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, 0xffffffff);
1274 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 1;
1275 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1276 }
1277
1278 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
1279 {
1280 return retval;
1281 }
1282
1283 return ERROR_OK;
1284 }
1285
1286 /**
1287 * Halt an ARM7/9 target. This is accomplished by either asserting the DBGRQ
1288 * line or by programming a watchpoint to trigger on any address. It is
1289 * considered a bug to call this function while the target is in the
1290 * TARGET_RESET state.
1291 *
1292 * @param target Pointer to the ARM7/9 target to be halted
1293 * @return Always ERROR_OK
1294 */
1295 int arm7_9_halt(target_t *target)
1296 {
1297 if (target->state == TARGET_RESET)
1298 {
1299 LOG_ERROR("BUG: arm7/9 does not support halt during reset. This is handled in arm7_9_assert_reset()");
1300 return ERROR_OK;
1301 }
1302
1303 armv4_5_common_t *armv4_5 = target->arch_info;
1304 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1305 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1306
1307 LOG_DEBUG("target->state: %s",
1308 target_state_name(target));
1309
1310 if (target->state == TARGET_HALTED)
1311 {
1312 LOG_DEBUG("target was already halted");
1313 return ERROR_OK;
1314 }
1315
1316 if (target->state == TARGET_UNKNOWN)
1317 {
1318 LOG_WARNING("target was in unknown state when halt was requested");
1319 }
1320
1321 if (arm7_9->use_dbgrq)
1322 {
1323 /* program EmbeddedICE Debug Control Register to assert DBGRQ
1324 */
1325 if (arm7_9->set_special_dbgrq) {
1326 arm7_9->set_special_dbgrq(target);
1327 } else {
1328 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 1);
1329 embeddedice_store_reg(dbg_ctrl);
1330 }
1331 }
1332 else
1333 {
1334 /* program watchpoint unit to match on any address
1335 */
1336 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1337 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1338 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1339 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
1340 }
1341
1342 target->debug_reason = DBG_REASON_DBGRQ;
1343
1344 return ERROR_OK;
1345 }
1346
1347 /**
1348 * Handle an ARM7/9 target's entry into debug mode. The halt is cleared on the
1349 * ARM. The JTAG queue is then executed and the reason for debug entry is
1350 * examined. Once done, the target is verified to be halted and the processor
1351 * is forced into ARM mode. The core registers are saved for the current core
1352 * mode and the program counter (register 15) is updated as needed. The core
1353 * registers and CPSR and SPSR are saved for restoration later.
1354 *
1355 * @param target Pointer to target that is entering debug mode
1356 * @return Error code if anything fails, otherwise ERROR_OK
1357 */
1358 int arm7_9_debug_entry(target_t *target)
1359 {
1360 int i;
1361 uint32_t context[16];
1362 uint32_t* context_p[16];
1363 uint32_t r0_thumb, pc_thumb;
1364 uint32_t cpsr;
1365 int retval;
1366 /* get pointers to arch-specific information */
1367 armv4_5_common_t *armv4_5 = target->arch_info;
1368 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1369 reg_t *dbg_stat = &arm7_9->eice_cache->reg_list[EICE_DBG_STAT];
1370 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1371
1372 #ifdef _DEBUG_ARM7_9_
1373 LOG_DEBUG("-");
1374 #endif
1375
1376 if (arm7_9->pre_debug_entry)
1377 arm7_9->pre_debug_entry(target);
1378
1379 /* program EmbeddedICE Debug Control Register to assert DBGACK and INTDIS
1380 * ensure that DBGRQ is cleared
1381 */
1382 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
1383 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGRQ, 1, 0);
1384 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 1);
1385 embeddedice_store_reg(dbg_ctrl);
1386
1387 if ((retval = arm7_9_clear_halt(target)) != ERROR_OK)
1388 {
1389 return retval;
1390 }
1391
1392 if ((retval = jtag_execute_queue()) != ERROR_OK)
1393 {
1394 return retval;
1395 }
1396
1397 if ((retval = arm7_9->examine_debug_reason(target)) != ERROR_OK)
1398 return retval;
1399
1400
1401 if (target->state != TARGET_HALTED)
1402 {
1403 LOG_WARNING("target not halted");
1404 return ERROR_TARGET_NOT_HALTED;
1405 }
1406
1407 /* if the target is in Thumb state, change to ARM state */
1408 if (buf_get_u32(dbg_stat->value, EICE_DBG_STATUS_ITBIT, 1))
1409 {
1410 LOG_DEBUG("target entered debug from Thumb state");
1411 /* Entered debug from Thumb mode */
1412 armv4_5->core_state = ARMV4_5_STATE_THUMB;
1413 arm7_9->change_to_arm(target, &r0_thumb, &pc_thumb);
1414 LOG_DEBUG("r0_thumb: 0x%8.8" PRIx32 ", pc_thumb: 0x%8.8" PRIx32 "", r0_thumb, pc_thumb);
1415 }
1416 else
1417 {
1418 LOG_DEBUG("target entered debug from ARM state");
1419 /* Entered debug from ARM mode */
1420 armv4_5->core_state = ARMV4_5_STATE_ARM;
1421 }
1422
1423 for (i = 0; i < 16; i++)
1424 context_p[i] = &context[i];
1425 /* save core registers (r0 - r15 of current core mode) */
1426 arm7_9->read_core_regs(target, 0xffff, context_p);
1427
1428 arm7_9->read_xpsr(target, &cpsr, 0);
1429
1430 if ((retval = jtag_execute_queue()) != ERROR_OK)
1431 return retval;
1432
1433 /* if the core has been executing in Thumb state, set the T bit */
1434 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1435 cpsr |= 0x20;
1436
1437 buf_set_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32, cpsr);
1438 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1439 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1440
1441 armv4_5->core_mode = cpsr & 0x1f;
1442
1443 if (armv4_5_mode_to_number(armv4_5->core_mode) == -1)
1444 {
1445 target->state = TARGET_UNKNOWN;
1446 LOG_ERROR("cpsr contains invalid mode value - communication failure");
1447 return ERROR_TARGET_FAILURE;
1448 }
1449
1450 LOG_DEBUG("target entered debug state in %s mode", armv4_5_mode_strings[armv4_5_mode_to_number(armv4_5->core_mode)]);
1451
1452 if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1453 {
1454 LOG_DEBUG("thumb state, applying fixups");
1455 context[0] = r0_thumb;
1456 context[15] = pc_thumb;
1457 } else if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1458 {
1459 /* adjust value stored by STM */
1460 context[15] -= 3 * 4;
1461 }
1462
1463 if ((target->debug_reason != DBG_REASON_DBGRQ) || (!arm7_9->use_dbgrq))
1464 context[15] -= 3 * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1465 else
1466 context[15] -= arm7_9->dbgreq_adjust_pc * ((armv4_5->core_state == ARMV4_5_STATE_ARM) ? 4 : 2);
1467
1468 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1469 return ERROR_FAIL;
1470
1471 for (i = 0; i <= 15; i++)
1472 {
1473 LOG_DEBUG("r%i: 0x%8.8" PRIx32 "", i, context[i]);
1474 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).value, 0, 32, context[i]);
1475 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = 0;
1476 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid = 1;
1477 }
1478
1479 LOG_DEBUG("entered debug state at PC 0x%" PRIx32 "", context[15]);
1480
1481 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1482 return ERROR_FAIL;
1483
1484 /* exceptions other than USR & SYS have a saved program status register */
1485 if ((armv4_5->core_mode != ARMV4_5_MODE_USR) && (armv4_5->core_mode != ARMV4_5_MODE_SYS))
1486 {
1487 uint32_t spsr;
1488 arm7_9->read_xpsr(target, &spsr, 1);
1489 if ((retval = jtag_execute_queue()) != ERROR_OK)
1490 {
1491 return retval;
1492 }
1493 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).value, 0, 32, spsr);
1494 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).dirty = 0;
1495 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 16).valid = 1;
1496 }
1497
1498 /* r0 and r15 (pc) have to be restored later */
1499 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 0).valid;
1500 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, 15).valid;
1501
1502 if ((retval = jtag_execute_queue()) != ERROR_OK)
1503 return retval;
1504
1505 if (arm7_9->post_debug_entry)
1506 arm7_9->post_debug_entry(target);
1507
1508 return ERROR_OK;
1509 }
1510
1511 /**
1512 * Validate the full context for an ARM7/9 target in all processor modes. If
1513 * there are any invalid registers for the target, they will all be read. This
1514 * includes the PSR.
1515 *
1516 * @param target Pointer to the ARM7/9 target to capture the full context from
1517 * @return Error if the target is not halted, has an invalid core mode, or if
1518 * the JTAG queue fails to execute
1519 */
1520 int arm7_9_full_context(target_t *target)
1521 {
1522 int i;
1523 int retval;
1524 armv4_5_common_t *armv4_5 = target->arch_info;
1525 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1526
1527 LOG_DEBUG("-");
1528
1529 if (target->state != TARGET_HALTED)
1530 {
1531 LOG_WARNING("target not halted");
1532 return ERROR_TARGET_NOT_HALTED;
1533 }
1534
1535 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1536 return ERROR_FAIL;
1537
1538 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1539 * SYS shares registers with User, so we don't touch SYS
1540 */
1541 for (i = 0; i < 6; i++)
1542 {
1543 uint32_t mask = 0;
1544 uint32_t* reg_p[16];
1545 int j;
1546 int valid = 1;
1547
1548 /* check if there are invalid registers in the current mode
1549 */
1550 for (j = 0; j <= 16; j++)
1551 {
1552 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1553 valid = 0;
1554 }
1555
1556 if (!valid)
1557 {
1558 uint32_t tmp_cpsr;
1559
1560 /* change processor mode (and mask T bit) */
1561 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1562 tmp_cpsr |= armv4_5_number_to_mode(i);
1563 tmp_cpsr &= ~0x20;
1564 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1565
1566 for (j = 0; j < 15; j++)
1567 {
1568 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid == 0)
1569 {
1570 reg_p[j] = (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).value;
1571 mask |= 1 << j;
1572 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).valid = 1;
1573 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j).dirty = 0;
1574 }
1575 }
1576
1577 /* if only the PSR is invalid, mask is all zeroes */
1578 if (mask)
1579 arm7_9->read_core_regs(target, mask, reg_p);
1580
1581 /* check if the PSR has to be read */
1582 if (ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid == 0)
1583 {
1584 arm7_9->read_xpsr(target, (uint32_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).value, 1);
1585 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).valid = 1;
1586 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16).dirty = 0;
1587 }
1588 }
1589 }
1590
1591 /* restore processor mode (mask T bit) */
1592 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
1593
1594 if ((retval = jtag_execute_queue()) != ERROR_OK)
1595 {
1596 return retval;
1597 }
1598 return ERROR_OK;
1599 }
1600
1601 /**
1602 * Restore the processor context on an ARM7/9 target. The full processor
1603 * context is analyzed to see if any of the registers are dirty on this end, but
1604 * have a valid new value. If this is the case, the processor is changed to the
1605 * appropriate mode and the new register values are written out to the
1606 * processor. If there happens to be a dirty register with an invalid value, an
1607 * error will be logged.
1608 *
1609 * @param target Pointer to the ARM7/9 target to have its context restored
1610 * @return Error status if the target is not halted or the core mode in the
1611 * armv4_5 struct is invalid.
1612 */
1613 int arm7_9_restore_context(target_t *target)
1614 {
1615 armv4_5_common_t *armv4_5 = target->arch_info;
1616 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1617 reg_t *reg;
1618 armv4_5_core_reg_t *reg_arch_info;
1619 enum armv4_5_mode current_mode = armv4_5->core_mode;
1620 int i, j;
1621 int dirty;
1622 int mode_change;
1623
1624 LOG_DEBUG("-");
1625
1626 if (target->state != TARGET_HALTED)
1627 {
1628 LOG_WARNING("target not halted");
1629 return ERROR_TARGET_NOT_HALTED;
1630 }
1631
1632 if (arm7_9->pre_restore_context)
1633 arm7_9->pre_restore_context(target);
1634
1635 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
1636 return ERROR_FAIL;
1637
1638 /* iterate through processor modes (User, FIQ, IRQ, SVC, ABT, UND)
1639 * SYS shares registers with User, so we don't touch SYS
1640 */
1641 for (i = 0; i < 6; i++)
1642 {
1643 LOG_DEBUG("examining %s mode", armv4_5_mode_strings[i]);
1644 dirty = 0;
1645 mode_change = 0;
1646 /* check if there are dirty registers in the current mode
1647 */
1648 for (j = 0; j <= 16; j++)
1649 {
1650 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1651 reg_arch_info = reg->arch_info;
1652 if (reg->dirty == 1)
1653 {
1654 if (reg->valid == 1)
1655 {
1656 dirty = 1;
1657 LOG_DEBUG("examining dirty reg: %s", reg->name);
1658 if ((reg_arch_info->mode != ARMV4_5_MODE_ANY)
1659 && (reg_arch_info->mode != current_mode)
1660 && !((reg_arch_info->mode == ARMV4_5_MODE_USR) && (armv4_5->core_mode == ARMV4_5_MODE_SYS))
1661 && !((reg_arch_info->mode == ARMV4_5_MODE_SYS) && (armv4_5->core_mode == ARMV4_5_MODE_USR)))
1662 {
1663 mode_change = 1;
1664 LOG_DEBUG("require mode change");
1665 }
1666 }
1667 else
1668 {
1669 LOG_ERROR("BUG: dirty register '%s', but no valid data", reg->name);
1670 }
1671 }
1672 }
1673
1674 if (dirty)
1675 {
1676 uint32_t mask = 0x0;
1677 int num_regs = 0;
1678 uint32_t regs[16];
1679
1680 if (mode_change)
1681 {
1682 uint32_t tmp_cpsr;
1683
1684 /* change processor mode (mask T bit) */
1685 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1686 tmp_cpsr |= armv4_5_number_to_mode(i);
1687 tmp_cpsr &= ~0x20;
1688 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1689 current_mode = armv4_5_number_to_mode(i);
1690 }
1691
1692 for (j = 0; j <= 14; j++)
1693 {
1694 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), j);
1695 reg_arch_info = reg->arch_info;
1696
1697
1698 if (reg->dirty == 1)
1699 {
1700 regs[j] = buf_get_u32(reg->value, 0, 32);
1701 mask |= 1 << j;
1702 num_regs++;
1703 reg->dirty = 0;
1704 reg->valid = 1;
1705 LOG_DEBUG("writing register %i of mode %s with value 0x%8.8" PRIx32 "", j, armv4_5_mode_strings[i], regs[j]);
1706 }
1707 }
1708
1709 if (mask)
1710 {
1711 arm7_9->write_core_regs(target, mask, regs);
1712 }
1713
1714 reg = &ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5_number_to_mode(i), 16);
1715 reg_arch_info = reg->arch_info;
1716 if ((reg->dirty) && (reg_arch_info->mode != ARMV4_5_MODE_ANY))
1717 {
1718 LOG_DEBUG("writing SPSR of mode %i with value 0x%8.8" PRIx32 "", i, buf_get_u32(reg->value, 0, 32));
1719 arm7_9->write_xpsr(target, buf_get_u32(reg->value, 0, 32), 1);
1720 }
1721 }
1722 }
1723
1724 if ((armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 0) && (armv4_5->core_mode != current_mode))
1725 {
1726 /* restore processor mode (mask T bit) */
1727 uint32_t tmp_cpsr;
1728
1729 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
1730 tmp_cpsr |= armv4_5_number_to_mode(i);
1731 tmp_cpsr &= ~0x20;
1732 LOG_DEBUG("writing lower 8 bit of cpsr with value 0x%2.2x", (unsigned)(tmp_cpsr));
1733 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
1734 }
1735 else if (armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty == 1)
1736 {
1737 /* CPSR has been changed, full restore necessary (mask T bit) */
1738 LOG_DEBUG("writing cpsr with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32));
1739 arm7_9->write_xpsr(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 32) & ~0x20, 0);
1740 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].dirty = 0;
1741 armv4_5->core_cache->reg_list[ARMV4_5_CPSR].valid = 1;
1742 }
1743
1744 /* restore PC */
1745 LOG_DEBUG("writing PC with value 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1746 arm7_9->write_pc(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1747 armv4_5->core_cache->reg_list[15].dirty = 0;
1748
1749 if (arm7_9->post_restore_context)
1750 arm7_9->post_restore_context(target);
1751
1752 return ERROR_OK;
1753 }
1754
1755 /**
1756 * Restart the core of an ARM7/9 target. A RESTART command is sent to the
1757 * instruction register and the JTAG state is set to TAP_IDLE causing a core
1758 * restart.
1759 *
1760 * @param target Pointer to the ARM7/9 target to be restarted
1761 * @return Result of executing the JTAG queue
1762 */
1763 int arm7_9_restart_core(struct target_s *target)
1764 {
1765 armv4_5_common_t *armv4_5 = target->arch_info;
1766 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1767 arm_jtag_t *jtag_info = &arm7_9->jtag_info;
1768
1769 /* set RESTART instruction */
1770 jtag_set_end_state(TAP_IDLE);
1771 if (arm7_9->need_bypass_before_restart) {
1772 arm7_9->need_bypass_before_restart = 0;
1773 arm_jtag_set_instr(jtag_info, 0xf, NULL);
1774 }
1775 arm_jtag_set_instr(jtag_info, 0x4, NULL);
1776
1777 jtag_add_runtest(1, jtag_set_end_state(TAP_IDLE));
1778 return jtag_execute_queue();
1779 }
1780
1781 /**
1782 * Enable the watchpoints on an ARM7/9 target. The target's watchpoints are
1783 * iterated through and are set on the target if they aren't already set.
1784 *
1785 * @param target Pointer to the ARM7/9 target to enable watchpoints on
1786 */
1787 void arm7_9_enable_watchpoints(struct target_s *target)
1788 {
1789 watchpoint_t *watchpoint = target->watchpoints;
1790
1791 while (watchpoint)
1792 {
1793 if (watchpoint->set == 0)
1794 arm7_9_set_watchpoint(target, watchpoint);
1795 watchpoint = watchpoint->next;
1796 }
1797 }
1798
1799 /**
1800 * Enable the breakpoints on an ARM7/9 target. The target's breakpoints are
1801 * iterated through and are set on the target.
1802 *
1803 * @param target Pointer to the ARM7/9 target to enable breakpoints on
1804 */
1805 void arm7_9_enable_breakpoints(struct target_s *target)
1806 {
1807 breakpoint_t *breakpoint = target->breakpoints;
1808
1809 /* set any pending breakpoints */
1810 while (breakpoint)
1811 {
1812 arm7_9_set_breakpoint(target, breakpoint);
1813 breakpoint = breakpoint->next;
1814 }
1815 }
1816
1817 int arm7_9_resume(struct target_s *target, int current, uint32_t address, int handle_breakpoints, int debug_execution)
1818 {
1819 armv4_5_common_t *armv4_5 = target->arch_info;
1820 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1821 breakpoint_t *breakpoint = target->breakpoints;
1822 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
1823 int err, retval = ERROR_OK;
1824
1825 LOG_DEBUG("-");
1826
1827 if (target->state != TARGET_HALTED)
1828 {
1829 LOG_WARNING("target not halted");
1830 return ERROR_TARGET_NOT_HALTED;
1831 }
1832
1833 if (!debug_execution)
1834 {
1835 target_free_all_working_areas(target);
1836 }
1837
1838 /* current = 1: continue on current pc, otherwise continue at <address> */
1839 if (!current)
1840 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
1841
1842 uint32_t current_pc;
1843 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1844
1845 /* the front-end may request us not to handle breakpoints */
1846 if (handle_breakpoints)
1847 {
1848 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
1849 {
1850 LOG_DEBUG("unset breakpoint at 0x%8.8" PRIx32 " (id: %d)", breakpoint->address, breakpoint->unique_id );
1851 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
1852 {
1853 return retval;
1854 }
1855
1856 /* calculate PC of next instruction */
1857 uint32_t next_pc;
1858 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
1859 {
1860 uint32_t current_opcode;
1861 target_read_u32(target, current_pc, &current_opcode);
1862 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
1863 return retval;
1864 }
1865
1866 LOG_DEBUG("enable single-step");
1867 arm7_9->enable_single_step(target, next_pc);
1868
1869 target->debug_reason = DBG_REASON_SINGLESTEP;
1870
1871 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1872 {
1873 return retval;
1874 }
1875
1876 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1877 arm7_9->branch_resume(target);
1878 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1879 {
1880 arm7_9->branch_resume_thumb(target);
1881 }
1882 else
1883 {
1884 LOG_ERROR("unhandled core state");
1885 return ERROR_FAIL;
1886 }
1887
1888 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1889 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1890 err = arm7_9_execute_sys_speed(target);
1891
1892 LOG_DEBUG("disable single-step");
1893 arm7_9->disable_single_step(target);
1894
1895 if (err != ERROR_OK)
1896 {
1897 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1898 {
1899 return retval;
1900 }
1901 target->state = TARGET_UNKNOWN;
1902 return err;
1903 }
1904
1905 arm7_9_debug_entry(target);
1906 LOG_DEBUG("new PC after step: 0x%8.8" PRIx32 "", buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32));
1907
1908 LOG_DEBUG("set breakpoint at 0x%8.8" PRIx32 "", breakpoint->address);
1909 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
1910 {
1911 return retval;
1912 }
1913 }
1914 }
1915
1916 /* enable any pending breakpoints and watchpoints */
1917 arm7_9_enable_breakpoints(target);
1918 arm7_9_enable_watchpoints(target);
1919
1920 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
1921 {
1922 return retval;
1923 }
1924
1925 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
1926 {
1927 arm7_9->branch_resume(target);
1928 }
1929 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
1930 {
1931 arm7_9->branch_resume_thumb(target);
1932 }
1933 else
1934 {
1935 LOG_ERROR("unhandled core state");
1936 return ERROR_FAIL;
1937 }
1938
1939 /* deassert DBGACK and INTDIS */
1940 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
1941 /* INTDIS only when we really resume, not during debug execution */
1942 if (!debug_execution)
1943 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_INTDIS, 1, 0);
1944 embeddedice_write_reg(dbg_ctrl, buf_get_u32(dbg_ctrl->value, 0, dbg_ctrl->size));
1945
1946 if ((retval = arm7_9_restart_core(target)) != ERROR_OK)
1947 {
1948 return retval;
1949 }
1950
1951 target->debug_reason = DBG_REASON_NOTHALTED;
1952
1953 if (!debug_execution)
1954 {
1955 /* registers are now invalid */
1956 armv4_5_invalidate_core_regs(target);
1957 target->state = TARGET_RUNNING;
1958 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
1959 {
1960 return retval;
1961 }
1962 }
1963 else
1964 {
1965 target->state = TARGET_DEBUG_RUNNING;
1966 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_DEBUG_RESUMED)) != ERROR_OK)
1967 {
1968 return retval;
1969 }
1970 }
1971
1972 LOG_DEBUG("target resumed");
1973
1974 return ERROR_OK;
1975 }
1976
1977 void arm7_9_enable_eice_step(target_t *target, uint32_t next_pc)
1978 {
1979 armv4_5_common_t *armv4_5 = target->arch_info;
1980 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
1981
1982 uint32_t current_pc;
1983 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
1984
1985 if (next_pc != current_pc)
1986 {
1987 /* setup an inverse breakpoint on the current PC
1988 * - comparator 1 matches the current address
1989 * - rangeout from comparator 1 is connected to comparator 0 rangein
1990 * - comparator 0 matches any address, as long as rangein is low */
1991 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
1992 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
1993 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
1994 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], ~(EICE_W_CTRL_RANGE | EICE_W_CTRL_nOPC) & 0xff);
1995 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], current_pc);
1996 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
1997 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
1998 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], 0x0);
1999 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
2000 }
2001 else
2002 {
2003 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK], 0xffffffff);
2004 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK], 0xffffffff);
2005 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE], 0x0);
2006 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK], 0xff);
2007 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE], next_pc);
2008 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK], 0);
2009 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK], 0xffffffff);
2010 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE], EICE_W_CTRL_ENABLE);
2011 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK], ~EICE_W_CTRL_nOPC & 0xff);
2012 }
2013 }
2014
2015 void arm7_9_disable_eice_step(target_t *target)
2016 {
2017 armv4_5_common_t *armv4_5 = target->arch_info;
2018 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2019
2020 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_ADDR_MASK]);
2021 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_DATA_MASK]);
2022 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_VALUE]);
2023 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W0_CONTROL_MASK]);
2024 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_VALUE]);
2025 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_ADDR_MASK]);
2026 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_DATA_MASK]);
2027 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_MASK]);
2028 embeddedice_store_reg(&arm7_9->eice_cache->reg_list[EICE_W1_CONTROL_VALUE]);
2029 }
2030
2031 int arm7_9_step(struct target_s *target, int current, uint32_t address, int handle_breakpoints)
2032 {
2033 armv4_5_common_t *armv4_5 = target->arch_info;
2034 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2035 breakpoint_t *breakpoint = NULL;
2036 int err, retval;
2037
2038 if (target->state != TARGET_HALTED)
2039 {
2040 LOG_WARNING("target not halted");
2041 return ERROR_TARGET_NOT_HALTED;
2042 }
2043
2044 /* current = 1: continue on current pc, otherwise continue at <address> */
2045 if (!current)
2046 buf_set_u32(armv4_5->core_cache->reg_list[15].value, 0, 32, address);
2047
2048 uint32_t current_pc;
2049 current_pc = buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32);
2050
2051 /* the front-end may request us not to handle breakpoints */
2052 if (handle_breakpoints)
2053 if ((breakpoint = breakpoint_find(target, buf_get_u32(armv4_5->core_cache->reg_list[15].value, 0, 32))))
2054 if ((retval = arm7_9_unset_breakpoint(target, breakpoint)) != ERROR_OK)
2055 {
2056 return retval;
2057 }
2058
2059 target->debug_reason = DBG_REASON_SINGLESTEP;
2060
2061 /* calculate PC of next instruction */
2062 uint32_t next_pc;
2063 if ((retval = arm_simulate_step(target, &next_pc)) != ERROR_OK)
2064 {
2065 uint32_t current_opcode;
2066 target_read_u32(target, current_pc, &current_opcode);
2067 LOG_ERROR("Couldn't calculate PC of next instruction, current opcode was 0x%8.8" PRIx32 "", current_opcode);
2068 return retval;
2069 }
2070
2071 if ((retval = arm7_9_restore_context(target)) != ERROR_OK)
2072 {
2073 return retval;
2074 }
2075
2076 arm7_9->enable_single_step(target, next_pc);
2077
2078 if (armv4_5->core_state == ARMV4_5_STATE_ARM)
2079 {
2080 arm7_9->branch_resume(target);
2081 }
2082 else if (armv4_5->core_state == ARMV4_5_STATE_THUMB)
2083 {
2084 arm7_9->branch_resume_thumb(target);
2085 }
2086 else
2087 {
2088 LOG_ERROR("unhandled core state");
2089 return ERROR_FAIL;
2090 }
2091
2092 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_RESUMED)) != ERROR_OK)
2093 {
2094 return retval;
2095 }
2096
2097 err = arm7_9_execute_sys_speed(target);
2098 arm7_9->disable_single_step(target);
2099
2100 /* registers are now invalid */
2101 armv4_5_invalidate_core_regs(target);
2102
2103 if (err != ERROR_OK)
2104 {
2105 target->state = TARGET_UNKNOWN;
2106 } else {
2107 arm7_9_debug_entry(target);
2108 if ((retval = target_call_event_callbacks(target, TARGET_EVENT_HALTED)) != ERROR_OK)
2109 {
2110 return retval;
2111 }
2112 LOG_DEBUG("target stepped");
2113 }
2114
2115 if (breakpoint)
2116 if ((retval = arm7_9_set_breakpoint(target, breakpoint)) != ERROR_OK)
2117 {
2118 return retval;
2119 }
2120
2121 return err;
2122 }
2123
2124 int arm7_9_read_core_reg(struct target_s *target, int num, enum armv4_5_mode mode)
2125 {
2126 uint32_t* reg_p[16];
2127 uint32_t value;
2128 int retval;
2129 armv4_5_common_t *armv4_5 = target->arch_info;
2130 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2131
2132 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2133 return ERROR_FAIL;
2134
2135 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2136
2137 if ((num < 0) || (num > 16))
2138 return ERROR_INVALID_ARGUMENTS;
2139
2140 if ((mode != ARMV4_5_MODE_ANY)
2141 && (mode != armv4_5->core_mode)
2142 && (reg_mode != ARMV4_5_MODE_ANY))
2143 {
2144 uint32_t tmp_cpsr;
2145
2146 /* change processor mode (mask T bit) */
2147 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2148 tmp_cpsr |= mode;
2149 tmp_cpsr &= ~0x20;
2150 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2151 }
2152
2153 if ((num >= 0) && (num <= 15))
2154 {
2155 /* read a normal core register */
2156 reg_p[num] = &value;
2157
2158 arm7_9->read_core_regs(target, 1 << num, reg_p);
2159 }
2160 else
2161 {
2162 /* read a program status register
2163 * if the register mode is MODE_ANY, we read the cpsr, otherwise a spsr
2164 */
2165 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2166 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2167
2168 arm7_9->read_xpsr(target, &value, spsr);
2169 }
2170
2171 if ((retval = jtag_execute_queue()) != ERROR_OK)
2172 {
2173 return retval;
2174 }
2175
2176 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2177 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2178 buf_set_u32(ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).value, 0, 32, value);
2179
2180 if ((mode != ARMV4_5_MODE_ANY)
2181 && (mode != armv4_5->core_mode)
2182 && (reg_mode != ARMV4_5_MODE_ANY)) {
2183 /* restore processor mode (mask T bit) */
2184 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2185 }
2186
2187 return ERROR_OK;
2188 }
2189
2190 int arm7_9_write_core_reg(struct target_s *target, int num, enum armv4_5_mode mode, uint32_t value)
2191 {
2192 uint32_t reg[16];
2193 armv4_5_common_t *armv4_5 = target->arch_info;
2194 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2195
2196 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2197 return ERROR_FAIL;
2198
2199 enum armv4_5_mode reg_mode = ((armv4_5_core_reg_t*)ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info)->mode;
2200
2201 if ((num < 0) || (num > 16))
2202 return ERROR_INVALID_ARGUMENTS;
2203
2204 if ((mode != ARMV4_5_MODE_ANY)
2205 && (mode != armv4_5->core_mode)
2206 && (reg_mode != ARMV4_5_MODE_ANY)) {
2207 uint32_t tmp_cpsr;
2208
2209 /* change processor mode (mask T bit) */
2210 tmp_cpsr = buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & 0xE0;
2211 tmp_cpsr |= mode;
2212 tmp_cpsr &= ~0x20;
2213 arm7_9->write_xpsr_im8(target, tmp_cpsr & 0xff, 0, 0);
2214 }
2215
2216 if ((num >= 0) && (num <= 15))
2217 {
2218 /* write a normal core register */
2219 reg[num] = value;
2220
2221 arm7_9->write_core_regs(target, 1 << num, reg);
2222 }
2223 else
2224 {
2225 /* write a program status register
2226 * if the register mode is MODE_ANY, we write the cpsr, otherwise a spsr
2227 */
2228 armv4_5_core_reg_t *arch_info = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).arch_info;
2229 int spsr = (arch_info->mode == ARMV4_5_MODE_ANY) ? 0 : 1;
2230
2231 /* if we're writing the CPSR, mask the T bit */
2232 if (!spsr)
2233 value &= ~0x20;
2234
2235 arm7_9->write_xpsr(target, value, spsr);
2236 }
2237
2238 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).valid = 1;
2239 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, mode, num).dirty = 0;
2240
2241 if ((mode != ARMV4_5_MODE_ANY)
2242 && (mode != armv4_5->core_mode)
2243 && (reg_mode != ARMV4_5_MODE_ANY)) {
2244 /* restore processor mode (mask T bit) */
2245 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2246 }
2247
2248 return jtag_execute_queue();
2249 }
2250
2251 int arm7_9_read_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2252 {
2253 armv4_5_common_t *armv4_5 = target->arch_info;
2254 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2255
2256 uint32_t reg[16];
2257 uint32_t num_accesses = 0;
2258 int thisrun_accesses;
2259 int i;
2260 uint32_t cpsr;
2261 int retval;
2262 int last_reg = 0;
2263
2264 LOG_DEBUG("address: 0x%8.8" PRIx32 ", size: 0x%8.8" PRIx32 ", count: 0x%8.8" PRIx32 "", address, size, count);
2265
2266 if (target->state != TARGET_HALTED)
2267 {
2268 LOG_WARNING("target not halted");
2269 return ERROR_TARGET_NOT_HALTED;
2270 }
2271
2272 /* sanitize arguments */
2273 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2274 return ERROR_INVALID_ARGUMENTS;
2275
2276 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2277 return ERROR_TARGET_UNALIGNED_ACCESS;
2278
2279 /* load the base register with the address of the first word */
2280 reg[0] = address;
2281 arm7_9->write_core_regs(target, 0x1, reg);
2282
2283 int j = 0;
2284
2285 switch (size)
2286 {
2287 case 4:
2288 while (num_accesses < count)
2289 {
2290 uint32_t reg_list;
2291 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2292 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2293
2294 if (last_reg <= thisrun_accesses)
2295 last_reg = thisrun_accesses;
2296
2297 arm7_9->load_word_regs(target, reg_list);
2298
2299 /* fast memory reads are only safe when the target is running
2300 * from a sufficiently high clock (32 kHz is usually too slow)
2301 */
2302 if (arm7_9->fast_memory_access)
2303 retval = arm7_9_execute_fast_sys_speed(target);
2304 else
2305 retval = arm7_9_execute_sys_speed(target);
2306 if (retval != ERROR_OK)
2307 return retval;
2308
2309 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 4);
2310
2311 /* advance buffer, count number of accesses */
2312 buffer += thisrun_accesses * 4;
2313 num_accesses += thisrun_accesses;
2314
2315 if ((j++%1024) == 0)
2316 {
2317 keep_alive();
2318 }
2319 }
2320 break;
2321 case 2:
2322 while (num_accesses < count)
2323 {
2324 uint32_t reg_list;
2325 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2326 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2327
2328 for (i = 1; i <= thisrun_accesses; i++)
2329 {
2330 if (i > last_reg)
2331 last_reg = i;
2332 arm7_9->load_hword_reg(target, i);
2333 /* fast memory reads are only safe when the target is running
2334 * from a sufficiently high clock (32 kHz is usually too slow)
2335 */
2336 if (arm7_9->fast_memory_access)
2337 retval = arm7_9_execute_fast_sys_speed(target);
2338 else
2339 retval = arm7_9_execute_sys_speed(target);
2340 if (retval != ERROR_OK)
2341 {
2342 return retval;
2343 }
2344
2345 }
2346
2347 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 2);
2348
2349 /* advance buffer, count number of accesses */
2350 buffer += thisrun_accesses * 2;
2351 num_accesses += thisrun_accesses;
2352
2353 if ((j++%1024) == 0)
2354 {
2355 keep_alive();
2356 }
2357 }
2358 break;
2359 case 1:
2360 while (num_accesses < count)
2361 {
2362 uint32_t reg_list;
2363 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2364 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2365
2366 for (i = 1; i <= thisrun_accesses; i++)
2367 {
2368 if (i > last_reg)
2369 last_reg = i;
2370 arm7_9->load_byte_reg(target, i);
2371 /* fast memory reads are only safe when the target is running
2372 * from a sufficiently high clock (32 kHz is usually too slow)
2373 */
2374 if (arm7_9->fast_memory_access)
2375 retval = arm7_9_execute_fast_sys_speed(target);
2376 else
2377 retval = arm7_9_execute_sys_speed(target);
2378 if (retval != ERROR_OK)
2379 {
2380 return retval;
2381 }
2382 }
2383
2384 arm7_9->read_core_regs_target_buffer(target, reg_list, buffer, 1);
2385
2386 /* advance buffer, count number of accesses */
2387 buffer += thisrun_accesses * 1;
2388 num_accesses += thisrun_accesses;
2389
2390 if ((j++%1024) == 0)
2391 {
2392 keep_alive();
2393 }
2394 }
2395 break;
2396 default:
2397 LOG_ERROR("BUG: we shouldn't get here");
2398 exit(-1);
2399 break;
2400 }
2401
2402 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2403 return ERROR_FAIL;
2404
2405 for (i = 0; i <= last_reg; i++)
2406 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2407
2408 arm7_9->read_xpsr(target, &cpsr, 0);
2409 if ((retval = jtag_execute_queue()) != ERROR_OK)
2410 {
2411 LOG_ERROR("JTAG error while reading cpsr");
2412 return ERROR_TARGET_DATA_ABORT;
2413 }
2414
2415 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2416 {
2417 LOG_WARNING("memory read caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2418
2419 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2420
2421 return ERROR_TARGET_DATA_ABORT;
2422 }
2423
2424 return ERROR_OK;
2425 }
2426
2427 int arm7_9_write_memory(struct target_s *target, uint32_t address, uint32_t size, uint32_t count, uint8_t *buffer)
2428 {
2429 armv4_5_common_t *armv4_5 = target->arch_info;
2430 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2431 reg_t *dbg_ctrl = &arm7_9->eice_cache->reg_list[EICE_DBG_CTRL];
2432
2433 uint32_t reg[16];
2434 uint32_t num_accesses = 0;
2435 int thisrun_accesses;
2436 int i;
2437 uint32_t cpsr;
2438 int retval;
2439 int last_reg = 0;
2440
2441 #ifdef _DEBUG_ARM7_9_
2442 LOG_DEBUG("address: 0x%8.8x, size: 0x%8.8x, count: 0x%8.8x", address, size, count);
2443 #endif
2444
2445 if (target->state != TARGET_HALTED)
2446 {
2447 LOG_WARNING("target not halted");
2448 return ERROR_TARGET_NOT_HALTED;
2449 }
2450
2451 /* sanitize arguments */
2452 if (((size != 4) && (size != 2) && (size != 1)) || (count == 0) || !(buffer))
2453 return ERROR_INVALID_ARGUMENTS;
2454
2455 if (((size == 4) && (address & 0x3u)) || ((size == 2) && (address & 0x1u)))
2456 return ERROR_TARGET_UNALIGNED_ACCESS;
2457
2458 /* load the base register with the address of the first word */
2459 reg[0] = address;
2460 arm7_9->write_core_regs(target, 0x1, reg);
2461
2462 /* Clear DBGACK, to make sure memory fetches work as expected */
2463 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 0);
2464 embeddedice_store_reg(dbg_ctrl);
2465
2466 switch (size)
2467 {
2468 case 4:
2469 while (num_accesses < count)
2470 {
2471 uint32_t reg_list;
2472 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2473 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2474
2475 for (i = 1; i <= thisrun_accesses; i++)
2476 {
2477 if (i > last_reg)
2478 last_reg = i;
2479 reg[i] = target_buffer_get_u32(target, buffer);
2480 buffer += 4;
2481 }
2482
2483 arm7_9->write_core_regs(target, reg_list, reg);
2484
2485 arm7_9->store_word_regs(target, reg_list);
2486
2487 /* fast memory writes are only safe when the target is running
2488 * from a sufficiently high clock (32 kHz is usually too slow)
2489 */
2490 if (arm7_9->fast_memory_access)
2491 retval = arm7_9_execute_fast_sys_speed(target);
2492 else
2493 retval = arm7_9_execute_sys_speed(target);
2494 if (retval != ERROR_OK)
2495 {
2496 return retval;
2497 }
2498
2499 num_accesses += thisrun_accesses;
2500 }
2501 break;
2502 case 2:
2503 while (num_accesses < count)
2504 {
2505 uint32_t reg_list;
2506 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2507 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2508
2509 for (i = 1; i <= thisrun_accesses; i++)
2510 {
2511 if (i > last_reg)
2512 last_reg = i;
2513 reg[i] = target_buffer_get_u16(target, buffer) & 0xffff;
2514 buffer += 2;
2515 }
2516
2517 arm7_9->write_core_regs(target, reg_list, reg);
2518
2519 for (i = 1; i <= thisrun_accesses; i++)
2520 {
2521 arm7_9->store_hword_reg(target, i);
2522
2523 /* fast memory writes are only safe when the target is running
2524 * from a sufficiently high clock (32 kHz is usually too slow)
2525 */
2526 if (arm7_9->fast_memory_access)
2527 retval = arm7_9_execute_fast_sys_speed(target);
2528 else
2529 retval = arm7_9_execute_sys_speed(target);
2530 if (retval != ERROR_OK)
2531 {
2532 return retval;
2533 }
2534 }
2535
2536 num_accesses += thisrun_accesses;
2537 }
2538 break;
2539 case 1:
2540 while (num_accesses < count)
2541 {
2542 uint32_t reg_list;
2543 thisrun_accesses = ((count - num_accesses) >= 14) ? 14 : (count - num_accesses);
2544 reg_list = (0xffff >> (15 - thisrun_accesses)) & 0xfffe;
2545
2546 for (i = 1; i <= thisrun_accesses; i++)
2547 {
2548 if (i > last_reg)
2549 last_reg = i;
2550 reg[i] = *buffer++ & 0xff;
2551 }
2552
2553 arm7_9->write_core_regs(target, reg_list, reg);
2554
2555 for (i = 1; i <= thisrun_accesses; i++)
2556 {
2557 arm7_9->store_byte_reg(target, i);
2558 /* fast memory writes are only safe when the target is running
2559 * from a sufficiently high clock (32 kHz is usually too slow)
2560 */
2561 if (arm7_9->fast_memory_access)
2562 retval = arm7_9_execute_fast_sys_speed(target);
2563 else
2564 retval = arm7_9_execute_sys_speed(target);
2565 if (retval != ERROR_OK)
2566 {
2567 return retval;
2568 }
2569
2570 }
2571
2572 num_accesses += thisrun_accesses;
2573 }
2574 break;
2575 default:
2576 LOG_ERROR("BUG: we shouldn't get here");
2577 exit(-1);
2578 break;
2579 }
2580
2581 /* Re-Set DBGACK */
2582 buf_set_u32(dbg_ctrl->value, EICE_DBG_CONTROL_DBGACK, 1, 1);
2583 embeddedice_store_reg(dbg_ctrl);
2584
2585 if (armv4_5_mode_to_number(armv4_5->core_mode)==-1)
2586 return ERROR_FAIL;
2587
2588 for (i = 0; i <= last_reg; i++)
2589 ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).dirty = ARMV4_5_CORE_REG_MODE(armv4_5->core_cache, armv4_5->core_mode, i).valid;
2590
2591 arm7_9->read_xpsr(target, &cpsr, 0);
2592 if ((retval = jtag_execute_queue()) != ERROR_OK)
2593 {
2594 LOG_ERROR("JTAG error while reading cpsr");
2595 return ERROR_TARGET_DATA_ABORT;
2596 }
2597
2598 if (((cpsr & 0x1f) == ARMV4_5_MODE_ABT) && (armv4_5->core_mode != ARMV4_5_MODE_ABT))
2599 {
2600 LOG_WARNING("memory write caused data abort (address: 0x%8.8" PRIx32 ", size: 0x%" PRIx32 ", count: 0x%" PRIx32 ")", address, size, count);
2601
2602 arm7_9->write_xpsr_im8(target, buf_get_u32(armv4_5->core_cache->reg_list[ARMV4_5_CPSR].value, 0, 8) & ~0x20, 0, 0);
2603
2604 return ERROR_TARGET_DATA_ABORT;
2605 }
2606
2607 return ERROR_OK;
2608 }
2609
2610 static int dcc_count;
2611 static uint8_t *dcc_buffer;
2612
2613 static int arm7_9_dcc_completion(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info)
2614 {
2615 int retval = ERROR_OK;
2616 armv4_5_common_t *armv4_5 = target->arch_info;
2617 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2618
2619 if ((retval = target_wait_state(target, TARGET_DEBUG_RUNNING, 500)) != ERROR_OK)
2620 return retval;
2621
2622 int little = target->endianness == TARGET_LITTLE_ENDIAN;
2623 int count = dcc_count;
2624 uint8_t *buffer = dcc_buffer;
2625 if (count > 2)
2626 {
2627 /* Handle first & last using standard embeddedice_write_reg and the middle ones w/the
2628 * core function repeated. */
2629 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2630 buffer += 4;
2631
2632 embeddedice_reg_t *ice_reg = arm7_9->eice_cache->reg_list[EICE_COMMS_DATA].arch_info;
2633 uint8_t reg_addr = ice_reg->addr & 0x1f;
2634 jtag_tap_t *tap;
2635 tap = ice_reg->jtag_info->tap;
2636
2637 embeddedice_write_dcc(tap, reg_addr, buffer, little, count-2);
2638 buffer += (count-2)*4;
2639
2640 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2641 } else
2642 {
2643 int i;
2644 for (i = 0; i < count; i++)
2645 {
2646 embeddedice_write_reg(&arm7_9->eice_cache->reg_list[EICE_COMMS_DATA], fast_target_buffer_get_u32(buffer, little));
2647 buffer += 4;
2648 }
2649 }
2650
2651 if ((retval = target_halt(target))!= ERROR_OK)
2652 {
2653 return retval;
2654 }
2655 return target_wait_state(target, TARGET_HALTED, 500);
2656 }
2657
2658 static const uint32_t dcc_code[] =
2659 {
2660 /* r0 == input, points to memory buffer
2661 * r1 == scratch
2662 */
2663
2664 /* spin until DCC control (c0) reports data arrived */
2665 0xee101e10, /* w: mrc p14, #0, r1, c0, c0 */
2666 0xe3110001, /* tst r1, #1 */
2667 0x0afffffc, /* bne w */
2668
2669 /* read word from DCC (c1), write to memory */
2670 0xee111e10, /* mrc p14, #0, r1, c1, c0 */
2671 0xe4801004, /* str r1, [r0], #4 */
2672
2673 /* repeat */
2674 0xeafffff9 /* b w */
2675 };
2676
2677 int armv4_5_run_algorithm_inner(struct target_s *target, int num_mem_params, mem_param_t *mem_params, int num_reg_params, reg_param_t *reg_params, uint32_t entry_point, uint32_t exit_point, int timeout_ms, void *arch_info, int (*run_it)(struct target_s *target, uint32_t exit_point, int timeout_ms, void *arch_info));
2678
2679 int arm7_9_bulk_write_memory(target_t *target, uint32_t address, uint32_t count, uint8_t *buffer)
2680 {
2681 int retval;
2682 armv4_5_common_t *armv4_5 = target->arch_info;
2683 arm7_9_common_t *arm7_9 = armv4_5->arch_info;
2684 int i;
2685
2686 if (!arm7_9->dcc_downloads)
2687 return target_write_memory(target, address, 4, count, buffer);
2688
2689 /* regrab previously allocated working_area, or allocate a new one */
2690 if (!arm7_9->dcc_working_area)
2691 {
2692 uint8_t dcc_code_buf[6 * 4];
2693
2694 /* make sure we have a working area */
2695 if (target_alloc_working_area(target, 24, &arm7_9->dcc_working_area) != ERROR_OK)
2696 {
2697 LOG_INFO("no working area available, falling back to memory writes");
2698 return target_write_memory(target, address, 4, count, buffer);
2699 }
2700
2701 /* copy target instructions to target endianness */
2702 for (i = 0; i < 6; i++)
2703 {
2704 target_buffer_set_u32(target, dcc_code_buf + i*4, dcc_code[i]);
2705 }
2706
2707 /* write DCC code to working area */
2708 if ((retval = target_write_memory(target, arm7_9->dcc_working_area->address, 4, 6, dcc_code_buf)) != ERROR_OK)
2709 {
2710 return retval;
2711 }
2712 }
2713
2714 armv4_5_algorithm_t armv4_5_info;
2715 reg_param_t reg_params[1];
2716
2717 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2718 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2719 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2720
2721 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2722
2723 buf_set_u32(reg_params[0].value, 0, 32, address);
2724
2725 dcc_count = count;
2726 dcc_buffer = buffer;
2727 retval = armv4_5_run_algorithm_inner(target, 0, NULL, 1, reg_params,
2728 arm7_9->dcc_working_area->address, arm7_9->dcc_working_area->address + 6*4, 20*1000, &armv4_5_info, arm7_9_dcc_completion);
2729
2730 if (retval == ERROR_OK)
2731 {
2732 uint32_t endaddress = buf_get_u32(reg_params[0].value, 0, 32);
2733 if (endaddress != (address + count*4))
2734 {
2735 LOG_ERROR("DCC write failed, expected end address 0x%08" PRIx32 " got 0x%0" PRIx32 "", (address + count*4), endaddress);
2736 retval = ERROR_FAIL;
2737 }
2738 }
2739
2740 destroy_reg_param(&reg_params[0]);
2741
2742 return retval;
2743 }
2744
2745 int arm7_9_checksum_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* checksum)
2746 {
2747 working_area_t *crc_algorithm;
2748 armv4_5_algorithm_t armv4_5_info;
2749 reg_param_t reg_params[2];
2750 int retval;
2751
2752 static const uint32_t arm7_9_crc_code[] = {
2753 0xE1A02000, /* mov r2, r0 */
2754 0xE3E00000, /* mov r0, #0xffffffff */
2755 0xE1A03001, /* mov r3, r1 */
2756 0xE3A04000, /* mov r4, #0 */
2757 0xEA00000B, /* b ncomp */
2758 /* nbyte: */
2759 0xE7D21004, /* ldrb r1, [r2, r4] */
2760 0xE59F7030, /* ldr r7, CRC32XOR */
2761 0xE0200C01, /* eor r0, r0, r1, asl 24 */
2762 0xE3A05000, /* mov r5, #0 */
2763 /* loop: */
2764 0xE3500000, /* cmp r0, #0 */
2765 0xE1A06080, /* mov r6, r0, asl #1 */
2766 0xE2855001, /* add r5, r5, #1 */
2767 0xE1A00006, /* mov r0, r6 */
2768 0xB0260007, /* eorlt r0, r6, r7 */
2769 0xE3550008, /* cmp r5, #8 */
2770 0x1AFFFFF8, /* bne loop */
2771 0xE2844001, /* add r4, r4, #1 */
2772 /* ncomp: */
2773 0xE1540003, /* cmp r4, r3 */
2774 0x1AFFFFF1, /* bne nbyte */
2775 /* end: */
2776 0xEAFFFFFE, /* b end */
2777 0x04C11DB7 /* CRC32XOR: .word 0x04C11DB7 */
2778 };
2779
2780 uint32_t i;
2781
2782 if (target_alloc_working_area(target, sizeof(arm7_9_crc_code), &crc_algorithm) != ERROR_OK)
2783 {
2784 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2785 }
2786
2787 /* convert flash writing code into a buffer in target endianness */
2788 for (i = 0; i < (sizeof(arm7_9_crc_code)/sizeof(uint32_t)); i++)
2789 {
2790 if ((retval = target_write_u32(target, crc_algorithm->address + i*sizeof(uint32_t), arm7_9_crc_code[i])) != ERROR_OK)
2791 {
2792 return retval;
2793 }
2794 }
2795
2796 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2797 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2798 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2799
2800 init_reg_param(&reg_params[0], "r0", 32, PARAM_IN_OUT);
2801 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2802
2803 buf_set_u32(reg_params[0].value, 0, 32, address);
2804 buf_set_u32(reg_params[1].value, 0, 32, count);
2805
2806 if ((retval = target_run_algorithm(target, 0, NULL, 2, reg_params,
2807 crc_algorithm->address, crc_algorithm->address + (sizeof(arm7_9_crc_code) - 8), 20000, &armv4_5_info)) != ERROR_OK)
2808 {
2809 LOG_ERROR("error executing arm7_9 crc algorithm");
2810 destroy_reg_param(&reg_params[0]);
2811 destroy_reg_param(&reg_params[1]);
2812 target_free_working_area(target, crc_algorithm);
2813 return retval;
2814 }
2815
2816 *checksum = buf_get_u32(reg_params[0].value, 0, 32);
2817
2818 destroy_reg_param(&reg_params[0]);
2819 destroy_reg_param(&reg_params[1]);
2820
2821 target_free_working_area(target, crc_algorithm);
2822
2823 return ERROR_OK;
2824 }
2825
2826 int arm7_9_blank_check_memory(struct target_s *target, uint32_t address, uint32_t count, uint32_t* blank)
2827 {
2828 working_area_t *erase_check_algorithm;
2829 reg_param_t reg_params[3];
2830 armv4_5_algorithm_t armv4_5_info;
2831 int retval;
2832 uint32_t i;
2833
2834 static const uint32_t erase_check_code[] =
2835 {
2836 /* loop: */
2837 0xe4d03001, /* ldrb r3, [r0], #1 */
2838 0xe0022003, /* and r2, r2, r3 */
2839 0xe2511001, /* subs r1, r1, #1 */
2840 0x1afffffb, /* bne loop */
2841 /* end: */
2842 0xeafffffe /* b end */
2843 };
2844
2845 /* make sure we have a working area */
2846 if (target_alloc_working_area(target, sizeof(erase_check_code), &erase_check_algorithm) != ERROR_OK)
2847 {
2848 return ERROR_TARGET_RESOURCE_NOT_AVAILABLE;
2849 }
2850
2851 /* convert flash writing code into a buffer in target endianness */
2852 for (i = 0; i < (sizeof(erase_check_code)/sizeof(uint32_t)); i++)
2853 if ((retval = target_write_u32(target, erase_check_algorithm->address + i*sizeof(uint32_t), erase_check_code[i])) != ERROR_OK)
2854 {
2855 return retval;
2856 }
2857
2858 armv4_5_info.common_magic = ARMV4_5_COMMON_MAGIC;
2859 armv4_5_info.core_mode = ARMV4_5_MODE_SVC;
2860 armv4_5_info.core_state = ARMV4_5_STATE_ARM;
2861
2862 init_reg_param(&reg_params[0], "r0", 32, PARAM_OUT);
2863 buf_set_u32(reg_params[0].value, 0, 32, address);
2864
2865 init_reg_param(&reg_params[1], "r1", 32, PARAM_OUT);
2866 buf_set_u32(reg_params[1].value, 0, 32, count);
2867
2868 init_reg_param(&reg_params[2], "r2", 32, PARAM_IN_OUT);
2869 buf_set_u32(reg_params[2].value, 0, 32, 0xff);
2870
2871 if ((retval = target_run_algorithm(target, 0, NULL, 3, reg_params,
2872 erase_check_algorithm->address, erase_check_algorithm->address + (sizeof(erase_check_code) - 4), 10000, &armv4_5_info)) != ERROR_OK)
2873 {
2874 destroy_reg_param(&reg_params[0]);
2875 destroy_reg_param(&reg_params[1]);
2876 destroy_reg_param(&reg_params[2]);
2877 target_free_working_area(target, erase_check_algorithm);
2878 return 0;
2879 }
2880
2881 *blank = buf_get_u32(reg_params[2].value, 0, 32);
2882
2883 destroy_reg_param(&reg_params[0]);
2884 destroy_reg_param(&reg_params[1]);
2885 destroy_reg_param(&reg_params[2]);
2886
2887 target_free_working_area(target, erase_check_algorithm);
2888
2889 return ERROR_OK;
2890 }
2891
2892 int arm7_9_register_commands(struct command_context_s *cmd_ctx)
2893 {
2894 command_t *arm7_9_cmd;
2895
2896 arm7_9_cmd = register_command(cmd_ctx, NULL, "arm7_9", NULL, COMMAND_ANY, "arm7/9 specific commands");
2897
2898 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr", handle_arm7_9_write_xpsr_command, COMMAND_EXEC, "write program status register <value> <not cpsr | spsr>");
2899 register_command(cmd_ctx, arm7_9_cmd, "write_xpsr_im8", handle_arm7_9_write_xpsr_im8_command, COMMAND_EXEC, "write program status register <8bit immediate> <rotate> <not cpsr | spsr>");
2900
2901 register_command(cmd_ctx, arm7_9_cmd, "write_core_reg", handle_arm7_9_write_core_reg_command, COMMAND_EXEC, "write core register <num> <mode> <value>");
2902
2903 register_command(cmd_ctx, arm7_9_cmd, "dbgrq", handle_arm7_9_dbgrq_command,
2904 COMMAND_ANY, "use EmbeddedICE dbgrq instead of breakpoint for target halt requests <enable | disable>");
2905 register_command(cmd_ctx, arm7_9_cmd, "fast_memory_access", handle_arm7_9_fast_memory_access_command,
2906 COMMAND_ANY, "use fast memory accesses instead of slower but potentially safer accesses <enable | disable>");
2907 register_command(cmd_ctx, arm7_9_cmd, "dcc_downloads", handle_arm7_9_dcc_downloads_command,
2908 COMMAND_ANY, "use DCC downloads for larger memory writes <enable | disable>");
2909
2910 armv4_5_register_commands(cmd_ctx);
2911
2912 etm_register_commands(cmd_ctx);
2913
2914 return ERROR_OK;
2915 }
2916
2917 int handle_arm7_9_write_xpsr_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2918 {
2919 uint32_t value;
2920 int spsr;
2921 int retval;
2922 target_t *target = get_current_target(cmd_ctx);
2923 armv4_5_common_t *armv4_5;
2924 arm7_9_common_t *arm7_9;
2925
2926 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2927 {
2928 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2929 return ERROR_OK;
2930 }
2931
2932 if (target->state != TARGET_HALTED)
2933 {
2934 command_print(cmd_ctx, "can't write registers while running");
2935 return ERROR_OK;
2936 }
2937
2938 if (argc < 2)
2939 {
2940 command_print(cmd_ctx, "usage: write_xpsr <value> <not cpsr | spsr>");
2941 return ERROR_OK;
2942 }
2943
2944 value = strtoul(args[0], NULL, 0);
2945 spsr = strtol(args[1], NULL, 0);
2946
2947 /* if we're writing the CPSR, mask the T bit */
2948 if (!spsr)
2949 value &= ~0x20;
2950
2951 arm7_9->write_xpsr(target, value, spsr);
2952 if ((retval = jtag_execute_queue()) != ERROR_OK)
2953 {
2954 LOG_ERROR("JTAG error while writing to xpsr");
2955 return retval;
2956 }
2957
2958 return ERROR_OK;
2959 }
2960
2961 int handle_arm7_9_write_xpsr_im8_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
2962 {
2963 uint32_t value;
2964 int rotate;
2965 int spsr;
2966 int retval;
2967 target_t *target = get_current_target(cmd_ctx);
2968 armv4_5_common_t *armv4_5;
2969 arm7_9_common_t *arm7_9;
2970
2971 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
2972 {
2973 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
2974 return ERROR_OK;
2975 }
2976
2977 if (target->state != TARGET_HALTED)
2978 {
2979 command_print(cmd_ctx, "can't write registers while running");
2980 return ERROR_OK;
2981 }
2982
2983 if (argc < 3)
2984 {
2985 command_print(cmd_ctx, "usage: write_xpsr_im8 <im8> <rotate> <not cpsr | spsr>");
2986 return ERROR_OK;
2987 }
2988
2989 value = strtoul(args[0], NULL, 0);
2990 rotate = strtol(args[1], NULL, 0);
2991 spsr = strtol(args[2], NULL, 0);
2992
2993 arm7_9->write_xpsr_im8(target, value, rotate, spsr);
2994 if ((retval = jtag_execute_queue()) != ERROR_OK)
2995 {
2996 LOG_ERROR("JTAG error while writing 8-bit immediate to xpsr");
2997 return retval;
2998 }
2999
3000 return ERROR_OK;
3001 }
3002
3003 int handle_arm7_9_write_core_reg_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3004 {
3005 uint32_t value;
3006 uint32_t mode;
3007 int num;
3008 target_t *target = get_current_target(cmd_ctx);
3009 armv4_5_common_t *armv4_5;
3010 arm7_9_common_t *arm7_9;
3011
3012 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3013 {
3014 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3015 return ERROR_OK;
3016 }
3017
3018 if (target->state != TARGET_HALTED)
3019 {
3020 command_print(cmd_ctx, "can't write registers while running");
3021 return ERROR_OK;
3022 }
3023
3024 if (argc < 3)
3025 {
3026 command_print(cmd_ctx, "usage: write_core_reg <num> <mode> <value>");
3027 return ERROR_OK;
3028 }
3029
3030 num = strtol(args[0], NULL, 0);
3031 mode = strtoul(args[1], NULL, 0);
3032 value = strtoul(args[2], NULL, 0);
3033
3034 return arm7_9_write_core_reg(target, num, mode, value);
3035 }
3036
3037 int handle_arm7_9_dbgrq_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3038 {
3039 target_t *target = get_current_target(cmd_ctx);
3040 armv4_5_common_t *armv4_5;
3041 arm7_9_common_t *arm7_9;
3042
3043 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3044 {
3045 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3046 return ERROR_OK;
3047 }
3048
3049 if (argc > 0)
3050 {
3051 if (strcmp("enable", args[0]) == 0)
3052 {
3053 arm7_9->use_dbgrq = 1;
3054 }
3055 else if (strcmp("disable", args[0]) == 0)
3056 {
3057 arm7_9->use_dbgrq = 0;
3058 }
3059 else
3060 {
3061 command_print(cmd_ctx, "usage: arm7_9 dbgrq <enable | disable>");
3062 }
3063 }
3064
3065 command_print(cmd_ctx, "use of EmbeddedICE dbgrq instead of breakpoint for target halt %s", (arm7_9->use_dbgrq) ? "enabled" : "disabled");
3066
3067 return ERROR_OK;
3068 }
3069
3070 int handle_arm7_9_fast_memory_access_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3071 {
3072 target_t *target = get_current_target(cmd_ctx);
3073 armv4_5_common_t *armv4_5;
3074 arm7_9_common_t *arm7_9;
3075
3076 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3077 {
3078 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3079 return ERROR_OK;
3080 }
3081
3082 if (argc > 0)
3083 {
3084 if (strcmp("enable", args[0]) == 0)
3085 {
3086 arm7_9->fast_memory_access = 1;
3087 }
3088 else if (strcmp("disable", args[0]) == 0)
3089 {
3090 arm7_9->fast_memory_access = 0;
3091 }
3092 else
3093 {
3094 command_print(cmd_ctx, "usage: arm7_9 fast_memory_access <enable | disable>");
3095 }
3096 }
3097
3098 command_print(cmd_ctx, "fast memory access is %s", (arm7_9->fast_memory_access) ? "enabled" : "disabled");
3099
3100 return ERROR_OK;
3101 }
3102
3103 int handle_arm7_9_dcc_downloads_command(struct command_context_s *cmd_ctx, char *cmd, char **args, int argc)
3104 {
3105 target_t *target = get_current_target(cmd_ctx);
3106 armv4_5_common_t *armv4_5;
3107 arm7_9_common_t *arm7_9;
3108
3109 if (arm7_9_get_arch_pointers(target, &armv4_5, &arm7_9) != ERROR_OK)
3110 {
3111 command_print(cmd_ctx, "current target isn't an ARM7/ARM9 target");
3112 return ERROR_OK;
3113 }
3114
3115 if (argc > 0)
3116 {
3117 if (strcmp("enable", args[0]) == 0)
3118 {
3119 arm7_9->dcc_downloads = 1;
3120 }
3121 else if (strcmp("disable", args[0]) == 0)
3122 {
3123 arm7_9->dcc_downloads = 0;
3124 }
3125 else
3126 {
3127 command_print(cmd_ctx, "usage: arm7_9 dcc_downloads <enable | disable>");
3128 }
3129 }
3130
3131 command_print(cmd_ctx, "dcc downloads are %s", (arm7_9->dcc_downloads) ? "enabled" : "disabled");
3132
3133 return ERROR_OK;
3134 }
3135
3136 int arm7_9_init_arch_info(target_t *target, arm7_9_common_t *arm7_9)
3137 {
3138 int retval = ERROR_OK;
3139 armv4_5_common_t *armv4_5 = &arm7_9->armv4_5_common;
3140
3141 arm7_9->common_magic = ARM7_9_COMMON_MAGIC;
3142
3143 if ((retval = arm_jtag_setup_connection(&arm7_9->jtag_info)) != ERROR_OK)
3144 {
3145 return retval;
3146 }
3147
3148 arm7_9->wp_available = 0; /* this is set up in arm7_9_clear_watchpoints() */
3149 arm7_9->wp_available_max = 2;
3150 arm7_9->sw_breakpoints_added = 0;
3151 arm7_9->sw_breakpoint_count = 0;
3152 arm7_9->breakpoint_count = 0;
3153 arm7_9->wp0_used = 0;
3154 arm7_9->wp1_used = 0;
3155 arm7_9->wp1_used_default = 0;
3156 arm7_9->use_dbgrq = 0;
3157
3158 arm7_9->etm_ctx = NULL;
3159 arm7_9->has_single_step = 0;
3160 arm7_9->has_monitor_mode = 0;
3161 arm7_9->has_vector_catch = 0;
3162
3163 arm7_9->debug_entry_from_reset = 0;
3164
3165 arm7_9->dcc_working_area = NULL;
3166
3167 arm7_9->fast_memory_access = fast_and_dangerous;
3168 arm7_9->dcc_downloads = fast_and_dangerous;
3169
3170 arm7_9->need_bypass_before_restart = 0;
3171
3172 armv4_5->arch_info = arm7_9;
3173 armv4_5->read_core_reg = arm7_9_read_core_reg;
3174 armv4_5->write_core_reg = arm7_9_write_core_reg;
3175 armv4_5->full_context = arm7_9_full_context;
3176
3177 if ((retval = armv4_5_init_arch_info(target, armv4_5)) != ERROR_OK)
3178 {
3179 return retval;
3180 }
3181
3182 if ((retval = target_register_timer_callback(arm7_9_handle_target_request, 1, 1, target)) != ERROR_OK)
3183 {
3184 return retval;
3185 }
3186
3187 return ERROR_OK;
3188 }
Open On-Chip Debugger

Linking to existing account procedure

If you already have an account and want to add another login method you MUST first sign in with your existing account and then change URL to read https://review.openocd.org/login/?link to get to this page again but this time it'll work for linking. Thank you.

SSH host keys fingerprints

1024 SHA256:YKx8b7u5ZWdcbp7/4AeXNaqElP49m6QrwfXaqQGJAOk gerrit-code-review@openocd.zylin.com (DSA)
384 SHA256:jHIbSQa4REvwCFG4cq5LBlBLxmxSqelQPem/EXIrxjk gerrit-code-review@openocd.org (ECDSA)
521 SHA256:UAOPYkU9Fjtcao0Ul/Rrlnj/OsQvt+pgdYSZ4jOYdgs gerrit-code-review@openocd.org (ECDSA)
256 SHA256:A13M5QlnozFOvTllybRZH6vm7iSt0XLxbA48yfc2yfY gerrit-code-review@openocd.org (ECDSA)
256 SHA256:spYMBqEYoAOtK7yZBrcwE8ZpYt6b68Cfh9yEVetvbXg gerrit-code-review@openocd.org (ED25519)
+--[ED25519 256]--+
|=..              |
|+o..   .         |
|*.o   . .        |
|+B . . .         |
|Bo. = o S        |
|Oo.+ + =         |
|oB=.* = . o      |
| =+=.+   + E     |
|. .=o   . o      |
+----[SHA256]-----+
2048 SHA256:0Onrb7/PHjpo6iVZ7xQX2riKN83FJ3KGU0TvI0TaFG4 gerrit-code-review@openocd.zylin.com (RSA)